Principal Vulnerability Analyst
Remote - USA
Applications have closed
Dragos, Inc.
Dragos secures industrial assets across vertical industries. Learn more about how we protect critical industries to reinforce ICS/OT cybersecurity around the world.Dragos secures civilization by providing cyber security to industrial control environments worldwide. As a Principal Vulnerability Analyst you will evaluate control systems, operational networks, and ICS applications to measure the impact of exploits and attacks. You will then inform customers to enable decision making and develop analytics to detect their use in operational environments.
At Dragos, we are not traditional intelligence analysts; we are hunters of evil which threatens the functions of civil society. We are dedicated to the idea that intelligence not properly communicated is not intelligence at all. We strive to identify true and accurate impact of threats within the environment, allowing customers to properly assess the risk. If you are excited about this opportunity, please let us know!
Responsibility
- Monitor vulnerability sources assessing their impact and measuring severity to customer operations
- Analyze vulnerabilities and exploit code
- Analyze systems, networks, applications for vulnerabilities
- Translate analysis into both behavioral analytics and contextual reporting
- Conduct trend analysis to identify patterns and particular areas of concern
- Work with a variety of partners to properly manage vulnerabilities
- Support incident response and threat operations with on-demand analysis
- Integrate vulnerability into threat intelligence providing a cohesive narrative for customers
Requirements
- 5+ years analyzing vulnerabilities and exploit code
- Demonstrated ability to quickly validate and assess a vulnerability based on description alone
- 5+ years developing, deploying, or evaluating proof-of-concept code related to vulnerabilities
- 3+ years writing customer-facing material translating technical details and informing decision-makers and operators
- 3+ years monitoring vulnerability reporting sources and triaging reports by likely impact on operations
- Demonstrated ability to appreciate a vulnerability’s impact on both IT and ICS operations with a measured understanding of the real-world effect
- An in-depth understanding of vulnerability scoring mechanisms along with their benefits and challenges
Nice to have
- Experience with industrial control systems and their vulnerabilities
- Experience reverse engineering malware with static and dynamic tools and techniques and familiarity with malware code constructs
- Experience developing YARA, snort, and Bro signatures
- Experience working with an operations center and incident response team
- Experience with Python
Principal Vulnerability Analyst: $140,000Principal Vulnerability Analyst II: $160,000
Dragos is the Industrial Cybersecurity expert on a relentless mission to safeguard civilization. In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders around the world with the knowledge and tools to protect their systems as effectively and efficiently as possible. Founded by world-class industrial intelligence experts, Dragos has the industry’s largest team of ICS/OT practitioners who have been on the front lines of the world’s most significant industrial cyber-attacks. Diversity, Equity, and Inclusion is a core value at Dragos, and we are passionate about building and sustaining an inclusive and equitable working environment for all. We know that every member of our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and discover, design, and deliver solutions. Not only does a Diversity, Equity, and Inclusion focus enrich our environment and teams, but it is also critical in our success as we defend adversaries all over the world. The broad range of ideas, experiences, and perspectives is critical to our success. We offer equity, competitive salaries, remote working, unlimited PTO, and a comprehensive benefits package including medical, dental, vision, disability, 401K, and life insurance. Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws.
Tags: Analytics Exploit Exploits ICS Incident response Industrial Malware Monitoring Python Reverse engineering Snort Threat intelligence Vulnerabilities
Perks/benefits: Competitive pay Equity Health care Insurance Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs