Vulnerability Analyst

Company Description:

Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. To learn more about Flashpoint, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.

What we are looking for: 

We are currently looking for an experienced vulnerability analyst to join our structured data team.  This role is responsible for contributing to our vulnerability data team and vulnerability database. This includes analysis of high-quality data, accurate completion of vulnerability entries, assisting team members with entry, review, and additional research during periods of peak activity, and vulnerability testing. 

What you will do:

• Analyze vendor security advisories, researcher vulnerability reports, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities
• Write up standardized vulnerability entries and assist the team as needed to ensure accuracy and completeness of vulnerability data
• Occasionally test reported vulnerabilities e.g. in web applications to confirm their existence, details, and exploit requirements
• Update existing vulnerability entries with details, references, product information, exploit availability, fix availability, and similar based on public reports as well as internal research and analysis
• Occasionally assist with drafting responses to customer inquiries regarding vulnerability data

What you will bring: 

• Understanding of vulnerability concepts and prevalent vulnerability types such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), path traversals, denial of service (DoS), buffer overflows, command injection, race conditions, open redirects, privilege escalation, authentication bypasses, XML External Entity (XXE) attacks and similar. This includes an understanding of privilege boundaries and what defines a vulnerability
• Understanding of Windows and Linux operating systems concepts, access controls, and privilege levels
• Familiarity with C/C++, PHP, JavaScript, and HTML and the common coding mistakes that may lead to vulnerabilities
• Ability to test and reproduce (exploit) commonly reported web application vulnerabilities on Linux
• Ability to interpret AddressSanitizer (ASan) output
• Reading comprehension is a significant part of the job along with perfect writing skills
• The candidate is expected to be methodical, observant, and detail-oriented
• Self motivation and the ability to work independently
• Excellent communication skills and the willingness to ask for help when needed

Nice to have:

• Ability to read any of the following coding languages and knowledge of common coding mistakes that may lead to vulnerabilities: Java, C#, Python, Perl, Ruby, Go.
• General familiarity with many of the more widely used web applications, client and server software, and web browsers is preferable.
• Understanding of how to score vulnerabilities using CVSSv2 and CVSSv3.1.

Why Flashpoint is a Great Place to Work:

• Diversity.  Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
• Culture and Belonging.  Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become.  You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more. 
• Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment.  That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
• Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.
• A Great Place to Work. Literally. According to the 99% of employees surveyed, Flashpoint earned designation as a Great Place to Work-Certified™ Company for 2021. 100% of employees agree that new hires are made to feel welcome and appreciated. If you are interested in learning more, please check out our Certified Profile.