Vanguard
Vulnerability Analyst External Attack Surface & VDP
Vanguard, Malvern, Pennsylvania, United States, 19355
What you’ll do
Validate & reproduce findings
from EASM ( internet exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact.
Right - size severity & priority
using exploitability signals (e.g., public exploit, EPSS/KEV), control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on.
De duplicate, enrich & route
findings to the correct owners; eliminate false positives; merge related signal (scanner output, logs, asset inventory, prior exceptions) and ensure single threaded tracking to closure.
Partner with secure business enablement & product teams
to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when “ one-shot ” remediation isn’t feasible .
Partner on governance workflows
for risk acceptances, rating overrides, and re acceptance cycles; ensure issues aging and SLAs are visible in our dashboards.
Close the loop with researchers
(for VDP) through clear, respectful communications and crisp proof - of - fix retesting.
Continuously improve signal quality
by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vuln classes.
Contribute as an adversary
when needed ( mini - engagements ) to validate edge case chains and confirm impact beyond tool output.
What you’ll bring
3 – 5 years
in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing (internal or consulting).
Proven ability to
validate complex issues
(param tampering, authN /Z bypass, SSRF, injection, IDOR, misconfig , cloud/API exposures) and write concise, repeatable steps with screenshots/ PoCs .
Experience with
EASM
(e.g., Censys , Defender EASM, Cortex Xpanse ) and
VDP/bug bounty
platforms (e.g., HackerOne , Bugcrowd ) and their triage mechanics.
Familiarity with
enterprise VM & tracking
(ServiceNow VR/IRM, Jira, Archer/Risk Register), and with platform scanners (Qualys/ Tenable/ Nessus/Burp/ZAP).
Working knowledge of
cloud
(AWS/Azure),
web & API
security, PKI/TLS hygiene, DNS, and internet e xposed service hardening.
Scripting
(Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful.
Exceptional written communication—capable of translating technical risk into
actionable guidance
and executive clarity.
Nice - to - have exposure
EPSS/ KEV driven prioritization, attack path/graph concepts, and risk quant inputs.
Cloud posture and SaaS posture signals (SSPM) that intersect with external exposure.
Building tuning logic for scanners and platform rules (e.g., policy libraries, discovery seeds, asset correlation).
Certifications such as
OSCP ,
GWAPT ,
GPEN
(or equivalent demonstrable skill) are a plus;
CISSP
nice - to - have.
What’s in it for you
A front row seat reducing real-world external risk—turning noisy findings into
decisive action .
Growth pathways into
pen testing ,
threat modeling/assurance , or
VM program leadership .
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Validate & reproduce findings
from EASM ( internet exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact.
Right - size severity & priority
using exploitability signals (e.g., public exploit, EPSS/KEV), control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on.
De duplicate, enrich & route
findings to the correct owners; eliminate false positives; merge related signal (scanner output, logs, asset inventory, prior exceptions) and ensure single threaded tracking to closure.
Partner with secure business enablement & product teams
to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when “ one-shot ” remediation isn’t feasible .
Partner on governance workflows
for risk acceptances, rating overrides, and re acceptance cycles; ensure issues aging and SLAs are visible in our dashboards.
Close the loop with researchers
(for VDP) through clear, respectful communications and crisp proof - of - fix retesting.
Continuously improve signal quality
by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vuln classes.
Contribute as an adversary
when needed ( mini - engagements ) to validate edge case chains and confirm impact beyond tool output.
What you’ll bring
3 – 5 years
in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing (internal or consulting).
Proven ability to
validate complex issues
(param tampering, authN /Z bypass, SSRF, injection, IDOR, misconfig , cloud/API exposures) and write concise, repeatable steps with screenshots/ PoCs .
Experience with
EASM
(e.g., Censys , Defender EASM, Cortex Xpanse ) and
VDP/bug bounty
platforms (e.g., HackerOne , Bugcrowd ) and their triage mechanics.
Familiarity with
enterprise VM & tracking
(ServiceNow VR/IRM, Jira, Archer/Risk Register), and with platform scanners (Qualys/ Tenable/ Nessus/Burp/ZAP).
Working knowledge of
cloud
(AWS/Azure),
web & API
security, PKI/TLS hygiene, DNS, and internet e xposed service hardening.
Scripting
(Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful.
Exceptional written communication—capable of translating technical risk into
actionable guidance
and executive clarity.
Nice - to - have exposure
EPSS/ KEV driven prioritization, attack path/graph concepts, and risk quant inputs.
Cloud posture and SaaS posture signals (SSPM) that intersect with external exposure.
Building tuning logic for scanners and platform rules (e.g., policy libraries, discovery seeds, asset correlation).
Certifications such as
OSCP ,
GWAPT ,
GPEN
(or equivalent demonstrable skill) are a plus;
CISSP
nice - to - have.
What’s in it for you
A front row seat reducing real-world external risk—turning noisy findings into
decisive action .
Growth pathways into
pen testing ,
threat modeling/assurance , or
VM program leadership .
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.