Job Openings Vulnerability Analyst

About the job Vulnerability Analyst

  • Vulnerability Analysts aid in the identification, assessment, and communication of new and emergent threats in the cybersecurity landscape, specifically vulnerability intelligence and detections. As a Vulnerability Analyst, you will be expected to familiarize yourself with high-impact and critical vulnerabilities, proofs-of-concept, and reports of in-the-wild exploitation, producing and reviewing intelligence summaries accessible to Client's customers.

    Specific Duties and Responsibilities:
  • Vulnerability Lead Identification and Analysis: You will be tasked with the prompt identification, analysis, and comprehensive assessment of emerging cybersecurity threats, specifically recently disclosed or exploited vulnerabilities.
    • Subject Matter: Your technical prowess will be crucial in ensuring our preparedness for potential risks and understanding the implications of prompt and thorough analysis of high-impact vulnerabilities.
    • Key Detail Identification: During research, identify and take note of infection chains, host and network IoCs, malware samples, threat actors, exposed vulnerable instances, publicly available proofs-of-concept, and MITRE ATT&CK tactics and techniques.
  • Author Insikt Notes: Write TTP Instances detailing identified vulnerability leads. TTP Instances include a combination of information from open-source reporting and your own analysis (i.e. code review). Each TTP Instance should comprehensively address the nature of the threat, its potential impact, suggested mitigation strategies, and a succinct summary for quick referencing.
    • Cadence: Write at least 2 TTP Instance notes daily
    • Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.
  • Detection Engineering: Design and develop Nuclei templates for vulnerability scanning, ensuring these templates are tailored to detect new and emerging vulnerabilities efficiently.
    • Cadence: Create at least 1 Nuclei template per month with assistance from our Senior Vulnerability Analyst
    • Delivery: Nuclei templates will be delivered alongside a TTP Instance.
  • Information Security: Adhere to and implement the company's quality and information security policies and carry out its processes and procedures accordingly.
    • Protect client-supplied and generated-for-client information from unauthorized access, disclosure, modification, destruction, or interference.
    • Carry out tasks as assigned and aligned with particular processes or activities related to information security.
    • Report any potential or committed non-conformity, observation and/or security event or risks to your immediate superior.

Qualification

  • B.S. equivalent in computer science, information systems, or cyber intelligence
  • A minimum of 1-2 years of professional experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment.
  • A solid grasp of fundamental cybersecurity principles, attack trajectories, and techniques for vulnerability analysis.
  • Nice to have:
    • Experience creating Nuclei templates.
    • Practical experience with network and web application penetration testing tools, such as Burp Suite, Nmap, Fiddler, ZAP, Metasploit, and Wireshark.
    • Familiarity with scripting and programming languages such as YAML, Python, Golang, JavaScript, C, etc.
    • Familiarity with malware detections, including YARA, Sigma, and Snort
