EASM Validation Analyst
The Vanguard Group•Charlotte, PA
•Hybrid
About The Position
The External Attack Surface Management (EASM) Validation Analyst is responsible for triaging, validating, and operationalizing external security findings across EASM platforms, Vulnerability Disclosure Program (VDP), and GenAI-driven discovery capabilities. This role ensures that externally identified risks are accurate, prioritized appropriately, attributed to the correct owners, and driven toward remediation, enabling scalable risk reduction across the enterprise attack surface.
Requirements
- 2-5 years of experience in cybersecurity, vulnerability management, or application security
- Strong understanding of web, API, cloud, and network security concepts
- Experience with vulnerability triage, validation, and risk prioritization
- Familiarity with EASM tools and vulnerability management platforms
- Knowledge of VDP or bug bounty programs and triage methodologies
- Strong analytical and problem-solving skills
Nice To Haves
- Experience with scripting (Python, PowerShell, Bash)
- Familiarity with GenAI-assisted security tooling
- Experience working with ServiceNow VR/IRM, UVM platforms, or similar systems
- Knowledge of SaaS, cloud environments (AWS, Azure), and internet-exposed services
- Industry certifications (Security+, CEH, OSCP, CISSP - Associate level)
Responsibilities
- Triage and validate findings from EASM tools, VDP submissions, and GenAI-driven detection capabilities
- Perform technical validation to eliminate false positives and confirm exploitability risk
- Assign severity based on risk frameworks (CVSS, EPSS, KEV, asset criticality)
- Identify and attribute ownership to responsible application, infrastructure, or business teams
- Enrich findings with evidence, proof-of-concept, and remediation guidance
- Drive findings through remediation workflows, tracking SLA adherence and escalation
- Correlate findings across multiple sources to identify systemic risks or duplicate exposures
- Maintain and improve triage playbooks, workflows, and standard operating procedures
- Administer and support EASM and VDP platforms (e.g., Censys, Defender EASM, HackerOne, BugCrowd)
- Manage integrations with enterprise systems
- Ensure data quality, ingestion accuracy, and workflow integrity across platforms
- Monitor platform performance, uptime, and SLA adherence
- Support onboarding of new capabilities, including GenAI detection pipelines
- Partner with application owners, infrastructure teams, and security teams to drive remediation
- Communicate risk in a clear, actionable manner for both technical and non-technical stakeholders
- Work with VDP researchers when needed to clarify submissions and validate findings
- Collaborate with broader vulnerability management and EASM/VDP leadership to improve processes
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
