Vulnerability Disclosure Analyst

Flashpoint

About The Position

Flashpoint is the pioneering leader in threat data and intelligence. We empower commercial enterprises and government agencies to decisively confront complex security challenges, reduce risk, and improve operational resilience amid fast-evolving threats. Through the Flashpoint Ignite platform, we deliver unparalleled depth, breadth and speed of data from highly relevant sources, enriched by human insights. Our solutions span cyber threat intelligence, vulnerability intelligence, geopolitical risk, physical security, fraud and brand protection. The result: our customers safeguard critical assets, avoid financial loss, and protect lives. Discover more at flashpoint.io Are you an experienced cybersecurity professional that enjoys all aspects of vulnerability intelligence, analysis, and collection and wants to be a part of a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market? We are looking for a Vulnerability Disclosure Analyst to join our team, here at Flashpoint. In this role you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.

Requirements

High reading comprehension, attention to detail, and deductive reasoning.
Writing skills and an affinity for writing research papers and summarizing complex subjects into short entries.
Self-motivated and can work independently and in collaboration with others.
Compassion for customer needs and a desire to work in a client-sense business.
Some coding experience in one or more languages, such as C/C++, Java, Python, and Ruby, to the level where you can identify vulnerabilities when reading the code.
Some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.
Conducted security testing, vulnerability and network scanning, and penetration testing.
Understand the concepts of Windows and Linux operating systems, access controls, and privilege levels.
Familiar with many widely used web applications, client and software, and web browsers.
In-depth knowledge of common security software and hardware vulnerabilities and attack vectors.
Deep familiarity with OWASP top 20.
Understanding of secure coding practices, cryptography, and authentication protocols.
In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
Some experience with scripted languages (preferably Python3) and compiled languages (preferably C).

Responsibilities

Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.
Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.
Assist team members during peak activity periods to ensure the timeliness of high-quality data.
Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality.
Stay current with the latest security threats, vulnerabilities, and industry best practices.
Provide mentorship and technical guidance to junior analysts and serve as a subject matter expert on vulnerabilities to the wider team.
Collaborate with other teams such as Product, Engineering, and Customer Success to solve customer challenges, clarify technical content, and be customer-oriented.