Principal Vulnerability Analyst

Do you want to expose and help mitigate vulnerabilities targeting power plants, water facilities, manufacturing systems, and other industrial control systems? Dragos works to discover these threats, develop innovative analytics for detection, support investigations and incident response, and provide customers with world-class vulnerability analysis. Unlike many other teams with a broader mission, we focus solely on operational threats to industrial control networks; this gives our analysts the time and space necessary to do world-class research and intelligence on the most critical components of infrastructure.
Dragos secures civilization by providing cyber security to industrial control environments worldwide. As a Principal Vulnerability Analyst you will evaluate control systems, operational networks, and ICS applications to measure the impact of exploits and attacks. You will then inform customers to enable decision making and develop analytics to detect their use in operational environments.
At Dragos, we are not traditional intelligence analysts; we are hunters of evil which threatens the functions of civil society. We are dedicated to the idea that intelligence not properly communicated is not intelligence at all. We strive to identify true and accurate impact of threats within the environment, allowing customers to properly assess the risk. If you are excited about this opportunity, please let us know!

Responsibility

• Monitor vulnerability sources assessing their impact and measuring severity to customer operations
• Analyze vulnerabilities and exploit code
• Analyze systems, networks, applications for vulnerabilities
• Translate analysis into both behavioral analytics and contextual reporting
• Conduct trend analysis to identify patterns and particular areas of concern
• Work with a variety of partners to properly manage vulnerabilities
• Support incident response and threat operations with on-demand analysis
• Integrate vulnerability into threat intelligence providing a cohesive narrative for customers

Requirements

• 5+ years analyzing vulnerabilities and exploit code
• Demonstrated ability to quickly validate and assess a vulnerability based on description alone
• 5+ years developing, deploying, or evaluating proof-of-concept code related to vulnerabilities
• 3+ years writing customer-facing material translating technical details and informing decision-makers and operators
• 3+ years monitoring vulnerability reporting sources and triaging reports by likely impact on operations
• Demonstrated ability to appreciate a vulnerability’s impact on both IT and ICS operations with a measured understanding of the real-world effect
• An in-depth understanding of vulnerability scoring mechanisms along with their benefits and challenges

Nice to have

• Experience with industrial control systems and their vulnerabilities
• Experience reverse engineering malware with static and dynamic tools and techniques and familiarity with malware code constructs
• Experience developing YARA, snort, and Bro signatures
• Experience working with an operations center and incident response team
• Experience with Python

Salary:
Principal Vulnerability Analyst: $140,000Principal Vulnerability Analyst II: $160,000
Dragos is the Industrial Cybersecurity expert on a relentless mission to safeguard civilization.  In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm.  Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders around the world with the knowledge and tools to protect their systems as effectively and efficiently as possible.  Founded by world-class industrial intelligence experts, Dragos has the industry’s largest team of ICS/OT practitioners who have been on the front lines of the world’s most significant industrial cyber-attacks.  Diversity, Equity, and Inclusion is a core value at Dragos, and we are passionate about building and sustaining an inclusive and equitable working environment for all.  We know that every member of our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and discover, design, and deliver solutions.  Not only does a Diversity, Equity, and Inclusion focus enrich our environment and teams, but it is also critical in our success as we defend adversaries all over the world.  The broad range of ideas, experiences, and perspectives is critical to our success.  We offer equity, competitive salaries, remote working, unlimited PTO, and a comprehensive benefits package including medical, dental, vision, disability, 401K, and life insurance. Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws.