Tenable maintains a staff of engineers who keep track of all new publicized vulnerabilities and then develop ‘plugins’ for the Nessus vulnerability scanner. These ‘plugins’ are short programs that efficiently and accurately test scanned systems for the presence of the vulnerability. Vulnerability Research Engineers will spend a good portion of their time researching and exploiting disclosed vulnerabilities, while also coding production-level plugins to add to the Nessus Vulnerability Scanner.

Often, being able to accurately test for the vulnerability involves analyzing vendor-supplied security patches, manually configuring vulnerable targets in a virtual environment, analyzing the system or application to reliably understand the impact of the vulnerability then developing a method to test for the vulnerability remotely.

Key Responsibilities:

• Keep track of the newest published vulnerabilities

• Analyze vendor-supplied security patches

• Reproduce the conditions to exploit a vulnerability

• Setting up and exploring new software in a lab environment to determine feasibility for vulnerability checks

• Develop plugins to be utilized by Nessus that will recognize the presence of the vulnerability remotely or local

• Work with vulnerability data, log data and security events