Vulnerability Disclosure Analyst

Flashpoint is the pioneering leader in threat data and intelligence. We empower commercial enterprises and government agencies to decisively confront complex security challenges, reduce risk, and improve operational resilience amid fast-evolving threats. Through the Flashpoint Ignite platform, we deliver unparalleled depth, breadth and speed of data from highly relevant sources, enriched by human insights. Our solutions span cyber threat intelligence, vulnerability intelligence, geopolitical risk, physical security, fraud and brand protection. The result: our customers safeguard critical assets, avoid financial loss, and protect lives. Discover more at flashpoint.io

Are you an experienced cybersecurity professional that enjoys all aspects of vulnerability intelligence, analysis, and collection and wants to be a part of a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market? We are looking for a Vulnerability Disclosure Analyst to join our team, here at Flashpoint. In this role you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.

We have a role for you if, you:

• possess high reading comprehension, attention to detail, and deductive reasoning.

• have writing skills and an affinity for writing research papers and summarizing complex subjects into short entries.

• are self-motivated and can work independently and in collaboration with others.

• have compassion for customer needs and a desire to work in a client-sense business.

• have some coding experience in one or more languages, such as C/C++, Java, Python, and Ruby, to the level where you can identify vulnerabilities when reading the code.

• have some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.

• conducted security testing, vulnerability and network scanning, and penetration testing.

• understand the concepts of Windows and Linux operating systems, access controls, and privilege levels.

• are familiar with many widely used web applications, client and server software, and web browsers.

What you will get to do on our team

• Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.

• Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.

• Assist team members during peak activity periods to ensure the timeliness of high-quality data.

• Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality.

• stay current with the latest security threats, vulnerabilities, and industry best practices.

• Provide mentorship and technical guidance to junior analysts and serve as a subject matter expert on vulnerabilities to the wider team.

• Collaborate with other teams such as Product, Engineering, and Customer Success to solve customer challenges, clarify technical content, and be customer-oriented.

What you will achieve

• Within 30 days

  • You will have analyzed and reviewed new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.

• Within 60 days

  • You will have analyzed vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities.

• By 90 days

  • Provided mentorship and technical guidance to junior analysts and served as a wider team's subject matter expert.

  • Collaborated with other teams such as Product, Engineering, and Customer Success to solve customer challenges and clarify technical content.

To be successful in this role, you will need

• In-depth knowledge of common security software and hardware vulnerabilities and attack vectors. Deep familiarity with OWASP top 20.

• Understanding of secure coding practices, cryptography, and authentication protocols.

• In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)

• Some experience with scripted languages (preferably Python3) and compiled languages (preferably C).

Why Flashpoint is a Great Place to Work:

• Diversity.  Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.

• Culture and Belonging.  Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become.  You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more. 

• Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment.  That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.

• Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.

Are you unsure if this role suits you or not? Unsure about the timing? Interested in future opportunities? Stay connected by joining our Talent Network. By doing so, you'll stay updated with Flashpoint news and upcoming career opportunities. Even if you're not ready to apply now, being part of our Talent Network ensures you won't miss out on exciting opportunities in the future.