Vulnerability Researcher
Remote in the United States
Applications have closed
Flashpoint
Flashpoint is a data and intelligence company that empowers our customers to take rapid, decisive action to stop threats and reduce riskAre you an experienced cybersecurity professional who enjoys all aspects of vulnerability intelligence, analysis, and collection and wants to be a part of a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market?
As a Vulnerability Researcher at Flashpoint, you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.
Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io.
We have a role for you if
- You possess high reading comprehension, attention to detail, and deductive reasoning.
- You have writing skills and an affinity for writing research papers and summarizing complex subjects into short entries.
- You have compassion for customer needs and a desire to work in a client-sense business.
- You have some coding experience In one or more languages such as C/C++, Java, Python, and Ruby to the level where you can identify vulnerabilities when reading the code.
- You have some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.
- You conducted security testing, vulnerability and network scanning, and penetration testing.
- You understand Windows and Linux operating systems concepts, access controls, and privilege levels.
- You are familiar with many widely used web applications, client and server software, and web browsers.
What you will get to do on our team
- Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.
- Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.
- Assist team members during peak activity periods to ensure the timeliness of high-quality data.
- Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality.
- Twenty percent of the job requires doing independent vulnerability research and writing reports and whitepapers. The job would require staying current with the latest security threats, vulnerabilities, and industry best practices.
- Provide mentorship and technical guidance to junior researchers and analysts and serve as a subject matter expert to the wider team.
- Collaborate with other teams such as Product, Engineering and Customer Success to solve customer challenges, provide clarity to technical content, and be customer-oriented.
What you will achieve
- Within 30 days
- You will have analyzed and reviewed new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.
- Within 60 days
- You will have analyzed vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities.
- By 90 days
- You will have done some independent vulnerability research and written basic reports.
- Provided mentorship and technical guidance to junior researchers and analysts and served as a wider team's subject matter expert.
- Collaborated with other teams such as Product, Engineering, and Customer Success to solve customer challenges and to clarify technical content.
To be successful in this role, you will need
- In-depth knowledge of common security software and hardware vulnerabilities and attack vectors. Deep familiarity with OWASP top 20.
- Understanding of secure coding practices, cryptography, and authentication protocols.
- In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
- Some programming experience with scripted languages (preferably Python3) and compiled languages (preferably C).
Base Pay Range: Salary ranges are determined by role, level, and location. Individual pay is determined by state, work location, and additional factors including job-related skills, experience, specialized skills or certifications, and relevant education or training. This position is eligible for incentive bonus compensation, and medical, dental, vision, life insurance, and 401K. Your recruiter can share more about the specific details of the compensation and benefits package during the interview process.
Why Flashpoint is a Great Place to Work:
- Diversity. Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
- Culture and Belonging. Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become. You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more.
- Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment. That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
- Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.
Are you unsure if this role suits you or not? Unsure about the timing? Interested in future opportunities? Stay connected by joining our Talent Network. By doing so, you'll stay updated with Flashpoint news and upcoming career opportunities. Even if you're not ready to apply now, being part of our Talent Network ensures you won't miss out on exciting opportunities in the future.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: C Cryptography DevSecOps DNS Exploit Exploits Java Linux Open Source OSINT OWASP Pentesting Python Risk management Ruby Security assessment TCP/IP Threat intelligence Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Equity Health care Salary bonus Startup environment Team events Wellness
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Manager Pentest H/F jobs
- Open Chief Information Security Officer jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Security Researcher jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open DevOps-related jobs
- Open EDR-related jobs
- Open IPS-related jobs