About The Position

In this role, you will validate and reproduce findings from External Attack Surface Management (EASM) and Vulnerability Disclosure Program (VDP) submissions, focusing on internet-exposed assets, misconfigurations, leaked services, weak cryptography, and open ports. You will use manual techniques and penetration testing frameworks to confirm exploitability and assess business impact. Your responsibilities will include right-sizing severity and priority using exploitability signals, documenting rationale and evidence for developers and risk owners, and ensuring findings are deduplicated, enriched, and routed to the correct owners. You will partner with secure business enablement and product teams to negotiate remediation paths and SLAs, propose compensating controls when necessary, and manage governance workflows for risk acceptances. Additionally, you will close the loop with researchers through clear communications and proof-of-fix retesting, continuously improve signal quality, and contribute as an adversary when needed to validate edge-case chains.

Requirements

  • 3–5 years in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing.
  • Proven ability to validate complex issues and write concise, repeatable steps with screenshots/PoCs.
  • Experience with EASM and VDP/bug bounty platforms and their triage mechanics.
  • Familiarity with enterprise VM & tracking tools and platform scanners.
  • Working knowledge of cloud (AWS/Azure), web & API security, PKI/TLS hygiene, DNS, and internet-exposed service hardening.
  • Scripting skills in Python/PowerShell/Bash for repeatable validation and data wrangling.
  • Exceptional written communication skills.

Nice To Haves

  • Exposure to EPSS/KEV-driven prioritization and attack path/graph concepts.
  • Experience with cloud posture and SaaS posture signals.
  • Building tuning logic for scanners and platform rules.
  • Certifications such as OSCP, GWAPT, GPEN, or equivalent demonstrable skill; CISSP is a plus.

Responsibilities

  • Validate and reproduce findings from EASM and VDP submissions.
  • Use manual techniques and penetration testing frameworks to confirm exploitability and business impact.
  • Right-size severity and priority using exploitability signals and document rationale and evidence.
  • Deduplicate, enrich, and route findings to the correct owners; eliminate false positives.
  • Partner with secure business enablement and product teams to negotiate remediation paths and SLAs.
  • Propose compensating controls or layered fixes when one-shot remediation isn’t feasible.
  • Manage governance workflows for risk acceptances and ensure issue aging and SLAs are visible.
  • Close the loop with researchers through clear communications and proof-of-fix retesting.
  • Continuously improve signal quality by tuning rules/policies and authoring repeatable runbooks.
  • Contribute as an adversary to validate edge-case chains and confirm impact beyond tool output.

Benefits

  • A front-row seat reducing real-world external risk.
  • Growth pathways into pen testing, threat modeling/assurance, or VM program leadership.
© 2024 Teal Labs, Inc