Sr. Vulnerability Analyst (Maryland)

VulnCheck

45d•Remote

About The Position

Are you passionate about advancing the science of vulnerability analysis and threat intelligence? Do you want to join a mission-driven team that delivers real-world impact—and has the resources and technical culture to fuel your curiosity? We’re searching for a Senior Vulnerability Analyst with a deep understanding of the vulnerability management ecosystem, hands-on experience with the CVE process, and expert knowledge in standard frameworks like MITRE ATT&CK, CAPEC, CWE, and CVSS. This is a rare opportunity to leverage your skills and experience as a contributor to, or expert user of, CVE and related MITRE capabilities—while taking your career in vulnerability research to the next level. This is a 100% remote role but we're primarily looking for candidates in Maryland (and Massachusetts). VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. We especially welcome candidates bringing operational or leadership experience from the CVE Program or adjacent efforts—your background is valued here. You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below)

Requirements

Proven experience with the CVE Program—either as an analyst, CNA, or significant contributor in a major software or security organization.
Expert knowledge of MITRE ATT&CK, CAPEC, CWE, and working experience mapping vulnerabilities to these frameworks.
Advanced understanding of CVSS (v3 and v4), including real-world application to vulnerability scoring and risk communication.
Strong analytical, technical, and research skills, with a passion for data quality and process rigor.
Exceptional written and verbal communication skills—including the ability to translate complex technical details for diverse audiences.
Experience engaging with community initiatives, standards bodies, or open-source projects in the vulnerability or threat intelligence space is highly desirable.

Nice To Haves

Experience contributing to the evolution of vulnerability standards (e.g., participation in CVE Editorial Boards, CAPEC Working Groups, or similar).
Familiarity with automation tools or programming/scripting languages (Python, Golang, etc.) for data enrichment or workflow improvement.
Published research, whitepapers, or presentations in the field of vulnerability analysis, mapping, or threat intelligence.

Responsibilities

Map vulnerabilities: Analyze and map discovered vulnerabilities to MITRE ATT&CK techniques and CAPEC attack patterns with precision and consistency.
CWE assignment: Determine and assign accurate CWE (Common Weakness Enumeration) IDs, producing well-documented rationales.
CVSS calculation: Authoritatively calculate CVSS v3/v4 base scores, providing transparent, defensible justifications.
CVE Processing: Review, draft, and curate CVE Records, ensuring data quality, fidelity, and consistency with CVE Program standards.
Collaboration: Liaise with vulnerability researchers, product security teams, and standards communities to ensure best practices and knowledge transfer.
Process improvement: Develop and refine workflows and playbooks for vulnerability triage, mapping, and reporting.
Mentorship: Share your expertise by mentoring junior analysts and driving team knowledge-sharing initiatives.