Cybersecurity Vulnerability Analyst

About The Position

Requirements

• Bachelor’s degree and 8+ years of experience; OR Master’s Degree and 6+ years of experience; OR 3 years with PhD. Bachelor's or Master's degree must be one of the following fields: Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering. In lieu of a degree in one of these fields, an additional 4 years of relevant experience or specialized training may be considered.
• In-depth understanding of information security principles and practices
• Utilize MITRE ATT&CK, CVSS, and NIST frameworks to assess vulnerability severity and risk impact.
• In-depth understanding of web exploitation concepts and techniques.
• Knowledge and understanding of the Open Web Application Security Project (OWASP) top 10.
• Experience operating in a professional IT or cybersecurity environment.
• Experience investigating security events, threats and/or vulnerabilities.
• Understand information security principles, technologies and practices.
• Excellent customer service skills.
• Active Security+ certification.
• Active Secret security clearance required.

Nice To Haves

• CEH, CCNA-Security, CySA+, OSCP (or equivalent), PenTest+ or similar certification a plus.
• Possess DoD 8570.01-M Information Assurance Technician (IAT) Level II Baseline Certification
• Completed multiple Hack-The-Box penetration testing labs and challenges, developing hands‑on expertise in vulnerability enumeration, exploitation, privilege escalation, and post‑exploitation techniques within realistic, adversarial environments.
• Must possess an in-depth understanding of penetration testing methodology, including recon, exploit, persistence, etc.
• Must have a solid understanding of networking protocols, their uses, and their potential misuses
• Programming experience in one or more languages, experience in HTLM/CSS or SQL
• Experience with one or more scripting languages such as PowerShell, Bash, Python or Perl

Responsibilities

• Supports a Vulnerability Disclosure Program (VDP) within the federal government and is responsible for reviewing and vetting security vulnerability reports submitted to the DoD VDP from outside hackers.
• Evaluate the reports to ensure the vulnerability is reproducible and therefore valuable to the customer.
• Assess each vulnerability for severity and assign an associated risk statement.
• Utilize the HackerOne Triage console tool to assist in assigning and prioritizing reports and in helping identify duplicate submissions.
• Write valid reports in a DoD approved format and send to the Vulnerability Management Analyst team for system owner coordination and mitigation.
• Act as a VDP liaison with the hacker community.
• Utilize offensive toolsets such as Kali Linux to safely analyze production networks and systems, documenting steps and procedures to produce usable vulnerability assessments for the customer.
• Identify and investigate vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems.
• Conduct web application vulnerability assessment testing using both automated tools and manual web exploitation techniques, using tools such as Burp Suite and open-source toolsets.
• Utilize a variety of industry standard security tools to conduct automated scans against systems and applications.
• Develop and execute proof-of-concept exploits to demonstrate the real-world impact of identified vulnerabilities, utilizing various web exploitation methods.