Vulnerability Analyst — External Attack Surface & VDP

What you'll do

• Validate & reproduce findings from EASM ( internet exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact.

• Right - size severity & priority using exploitability signals (e.g., public exploit, EPSS/KEV), control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on.

• De duplicate, enrich & route findings to the correct owners; eliminate false positives; merge related signal (scanner output, logs, asset inventory, prior exceptions) and ensure single threaded tracking to closure.

• Partner with secure business enablement & product teams to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when " one-shot " remediation isn't feasible .

• Partner on governance workflows for risk acceptances, rating overrides, and re acceptance cycles; ensure issues aging and SLAs are visible in our dashboards.

• Close the loop with researchers (for VDP) through clear, respectful communications and crisp proof - of - fix retesting.

• Continuously improve signal quality by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vuln classes.

• Contribute as an adversary when needed ( mini - engagements ) to validate edge case chains and confirm impact beyond tool output.

• 3 - 5 years in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing (internal or consulting).

• Proven ability to validate complex issues (param tampering, authN /Z bypass, SSRF, injection, IDOR, misconfig , cloud/API exposures) and write concise, repeatable steps with screenshots/ PoCs .

• Experience with EASM (e.g., Censys , Defender EASM, Cortex Xpanse ) and VDP/bug bounty platforms (e.g., HackerOne , Bugcrowd ) and their triage mechanics.

• Familiarity with enterprise VM & tracking (ServiceNow VR/IRM, Jira, Archer/Risk Register), and with platform scanners (Qualys/ Tenable/ Nessus/Burp/ZAP).

• Working knowledge of cloud (AWS/Azure), web & API security, PKI/TLS hygiene, DNS, and internet e xposed service hardening.

• Scripting (Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful.

• Exceptional written communication-capable of translating technical risk into actionable guidance and executive clarity.

• EPSS/ KEV driven prioritization, attack path/graph concepts, and risk quant inputs.

• Cloud posture and SaaS posture signals (SSPM) that intersect with external exposure.

• Building tuning logic for scanners and platform rules (e.g., policy libraries, discovery seeds, asset correlation).

• Certifications such as OSCP , GWAPT , GPEN (or equivalent demonstrable skill) are a plus; CISSP nice - to - have.

• A front row seat reducing real-world external risk-turning noisy findings into decisive action .

• Growth pathways into pen testing , threat modeling/assurance , or VM program leadership .