Vulnerability Importer
Remote
Applications have closed
Flashpoint
Flashpoint is a data and intelligence company that empowers our customers to take rapid, decisive action to stop threats and reduce riskCompany Description:
Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. To learn more about Flashpoint, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.
What we are looking for:
We are currently looking for a Vulnerability Importer to join our team in Richmond, VA. This role will be a contributor to our vulnerability database, VulnDB, that provides the most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring, and will be responsible for individually completing small complex projects and delivering components of large projects as part of a team.
What you will do:
- Provide entry level analysis and review of potential security issues, weeding out reports that do not meet criteria for inclusion in VulnDB
- Analyze vendor security advisories, researcher vulnerability reports, product changelogs, news articles, bug trackers, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities. RBS provides data sources, a list of keywords, and training
- Create base entries for new vulnerability reports for the team to validate and process and later also perform second level analysis and write up VulnDB entries to completion
- Update existing vulnerability entries with new vulnerability details within the system, references, product information, exploit availability, fix availability and similar
What you will bring:
- Experience in data entry, data analysis, and database review
- A basic understanding of operating systems concepts including mobile OS and privilege levels
- General familiarity with many of the more widely used web applications, client and server software, and web browsers is preferable
- Reading comprehension is a significant part of the job along with excellent writing skills
- The candidate is expected to be methodical, observant, and pay attention to details
- Self motivation and the ability to work independently once trained
- Excellent communication skills and the ability to ask for help when needed
Nice to have:
- A basic understanding of vulnerability concepts and prevalent vulnerability types such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), path traversals, denial of service (DoS), buffer overflows, command injection, race conditions, open redirects, privilege escalation, authentication bypasses, XML External Entity (XXE) attacks and similar. This includes an understanding of privilege boundaries and what defines a vulnerability
- Entry level coding experience in one or more languages like C/C++, Java, C#, Python, Perl, Ruby, Go, JavaScript, PHP, and HTML
- Security industry experience, industry familiarity, or at least intellectual curiosity in the field of Information Security
- University or military course covering security principles and practices
Why Flashpoint is a Great Place to Work:
- Diversity. Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
- Culture and Belonging. Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become. You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more.
- Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment. That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
- Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.
- A Great Place to Work. Literally. According to the 99% of employees surveyed, Flashpoint earned designation as a Great Place to Work-Certified™ Company for 2021. 100% of employees agree that new hires are made to feel welcome and appreciated. If you are interested in learning more, please check out our Certified Profile.
Tags: C C++ CSRF DevSecOps Exploit Exploits Java JavaScript Monitoring Perl PHP Python Risk management Ruby Scripting SQL SQL injection Threat intelligence Vulnerabilities Vulnerability management XML XSS
Perks/benefits: Career development Fitness / gym Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open DevSecOps-related jobs