Vanguard

Vulnerability Analyst — External Attack Surface & VDP

Vanguard, Charlotte, North Carolina, United States, 28245


Validate and reproduce findings from EASM (internet exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact.

Responsibilities include:

- Right-size severity and priority using exploitability signals, control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on.
- Deduplicate, enrich, and route findings to the correct owners; eliminate false positives; merge related signals and ensure single-threaded tracking to closure.
- Partner with secure business enablement and product teams to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when one-shot remediation isn’t feasible.
- Partner on governance workflows for risk acceptances, rating overrides, and reacceptance cycles; ensure issues aging and SLAs are visible in our dashboards.
- Close the loop with researchers (for VDP) through clear, respectful communications and crisp proof-of-fix retesting.
- Continuously improve signal quality by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vulnerability classes.
- Contribute as an adversary when needed (mini-engagements) to validate edge case chains and confirm impact beyond tool output.

Requirements include:

- 3-5 years in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing.
- Proven ability to validate complex issues and write concise, repeatable steps with screenshots/PoCs.
- Experience with EASM and VDP/bug bounty platforms and their triage mechanics.
- Familiarity with enterprise VM and tracking, and with platform scanners.
- Working knowledge of cloud, web, and API security, PKI/TLS hygiene, DNS, and internet exposed service hardening.
- Scripting (Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful.
- Exceptional written communication — capable of translating technical risk into actionable guidance and executive clarity.

Vanguard is an equal opportunities employer and welcomes applications from all qualified candidates. We are committed to providing a work environment that is free from discrimination and harassment.
