Vulnerability Disclosure Analyst

Are you excited to become a cybersecurity professional, and learn all aspects of vulnerability intelligence, analysis, and collections? Do you want to join a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market?

As a Vulnerability Disclosure Analyst at Flashpoint, you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.

Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io. 

We have a role for you if

• You are self-motivated and can work independently and in collaboration with others.
• You have compassion for customer needs and a desire to work in a client-sense business.
• You understand vulnerability concepts, including the most prevalent vulnerability types, privilege boundaries, and what defines vulnerability. 
• You understand programming languages, operating systems, web applications, client and server software, products, packages, components, or versioning. 
• You have knowledge and understanding of vulnerability disclosure trends and can apply vulnerability classification concepts for the most common vulnerability types

• You possess professional written and oral etiquette and communication skills with attention to detail and an ability to convey technical information in internal notes and messages.
• You can coordinate and collaborate with other team members on complex tasks
• You demonstrate strong attention to detail and the ability to maintain focus over extended periods of time.
• You possess high reading comprehension, attention to detail, and deductive reasoning with an affinity for writing research papers and summarizing
• You can make logical inferences about common vulnerabilities based on descriptions contained in disclosures and have some coding experience in one or more languages, such as C/C++, Java, Python, and Ruby, to the level where you can identify vulnerabilities when reading the code.
• You have some familiarity with security assessment tools and techniques, including vulnerability exploits.
• You understand basic concepts of Windows and Linux operating systems, access controls, and privilege levels.
• You are familiar with many widely used web applications, client and server software, and web browsers.

What you will get to do on our team

• Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.
• Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions. 
• Generate and update product and vendor metadata that enhances the ability to operationalize vulnerability data.
• Collect from existing sources and monitor automated scraping
• Assist team members during peak activity periods to ensure the timeliness of high-quality data.
• Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality. 
• The job would require staying current with the latest security threats, vulnerabilities, and industry best practices. 
• Collaborate with other teams to solve customer challenges, clarify technical content, and be customer-oriented.

What you will achieve 

• Within 30 days
• You will have analyzed and reviewed new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions. 

• Within 60 days 
• You will have analyzed vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities.

• By 90 days
• Collaborated with other team members to solve customer challenges and clarify technical content.

To be successful in this role, you will need

• Knowledge of common security software and hardware vulnerabilities and attack vectors. Understanding  OWASP top 20.
• Understanding of secure coding practices, cryptography, and authentication protocols.
• A knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
• Some experience with scripted languages (preferably Python3) and compiled languages (preferably C).

Base Pay Range: Salary ranges are determined by role, level, and location. Individual pay is determined by state, work location, and additional factors including job-related skills, experience, specialized skills or certifications, and relevant education or training. This position is eligible for incentive bonus compensation, and medical, dental, vision, life insurance, and 401K. Your recruiter can share more about the specific details of the compensation and benefits package during the interview process.

Why Flashpoint is a Great Place to Work:

• Diversity.  Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
• Culture and Belonging.  Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become.  You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more. 
• Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment.  That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
• Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.

Are you unsure if this role suits you or not? Unsure about the timing? Interested in future opportunities? Stay connected by joining our Talent Network. By doing so, you'll stay updated with Flashpoint news and upcoming career opportunities. Even if you're not ready to apply now, being part of our Talent Network ensures you won't miss out on exciting opportunities in the future.