← Jobs

Cybersecurity Software Engineer

Budget: $600.0 FIXED / ⭐ 0.00 (0) United States

openvas, vulnerability-assessment, network-security, kali-linux, python, node.js, penetration-testing

1. Move From Scheduled Scans to Continuous Monitoring Our scanning today runs on a configure-and-wait model. The market has moved to always-on monitoring that doesn't wait for the next scheduled scan. This is infrastructure work for our engineer, not an AI feature — and it's becoming the baseline expectation across the category. 2. Add an AI-Vendor-Governance Risk Category Regulators are starting to ask not just "is this vendor secure" but "does this vendor use AI responsibly." This fits naturally next to our existing Internal User Risk and Vendor Risk modules, i.e., a new risk type, not a new module architecture. A. Autonomous Risk Analyst Agent ("Xcigence Sentinel") An agent that continuously runs across your existing modules (scanning, vulnerability analysis, third/fourth-party risk, supply chain) and: ∙Correlates a new CVE or vendor breach disclosure against our asset inventory and vendor list automatically, without waiting for the next scheduled scan ∙Drafts the remediation ticket, severity justification, and affected-asset list itself ∙Surfaces only what changed and why it matters, instead of a static dashboard the CISO has to re-read every morning ∙Marketing angle: "Stop checking your dashboard. Let it check you." — positions Xcigence as proactive, not a reporting tool. B. Agentic Fourth-Party & Supply Chain Mapper Supply chain and fourth-party risk are manual list/lineage views today (per your QA script). An agent could: ∙Autonomously crawl public disclosures, SEC filings, breach databases, and vendor subprocessor lists to discover undisclosed fourth/fifth parties your vendors depend on ∙Auto-update the lineage graph and flag concentration risk ("12 of your vendors all depend on the same cloud subprocessor") ∙This directly leapfrogs Panorays, whose 4th/5th-party reach is currently their headline differentiator. C. Compliance Evidence-Collection Agent Matches and beats CyberSaint's current lead here: ∙Agent autonomously pulls evidence from connected systems (cloud configs, ticketing, IAM) and maps it to framework controls (CRI Profile/NIST CSF 2.0, SOC 2, ISO 27001) without an analyst manually uploading screenshots ∙Flags evidence that's stale or about to expire before an audit, not during one D. M&A and Investor Diligence Agent We already have a Post-M&A Assessment module and Investor Protection module which are seemingly rare features. An agent could: ∙Run an autonomous "instant cyber due diligence" scan on a target company the moment a deal is initiated, producing a defensible risk report in hours instead of weeks ∙This could be our single biggest white-space opportunity. No major competitor above leads with M&A/investor-diligence as a flagship use case. ​ "Xcigence: Cyber Due Diligence at Deal Speed" could be a standalone product line. E. Insider/Internal User Risk Behavioral Agent Our Internal User Risk module currently shows detail data. An agent could continuously baseline normal user behavior and proactively flag deviations (unusual data access, off-hours admin activity) bringing UEBA-style detection into a category where it's rarely paired with vendor risk. F. Conversational "Ask Xcigence" Interface A natural-language layer across the whole platform "Which vendors increased our supply chain risk this month and why?", answered by an agent that queries scan history, vendor risk, and compliance data live and cites its sources (this is now table stakes per the SOC vendors above; should not be skipped).​ Revamp the design of the dashboard to a modern and aestetically beautiful dashboard with interactive visuals. Test all functionalities including security, integration and regression testing making sure all security loopholes are fixed Document every design, development and changes and test scripts Compile all REST APIs and all other tehcnicial integration artifacts Fix the existing reporting issues with all the solutions.
Open job