Vulnerability Researcher

Are you an experienced cybersecurity professional who enjoys all aspects of vulnerability intelligence, analysis, and collection and wants to be a part of a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market?

As a Vulnerability Researcher at Flashpoint, you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.

Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io.

We have a role for you if

• You possess high reading comprehension, attention to detail, and deductive reasoning.
• You have writing skills and an affinity for writing research papers and summarizing complex subjects into short entries.
• You have compassion for customer needs and a desire to work in a client-sense business.
• You have some coding experience In one or more languages such as C/C++, Java, Python, and Ruby to the level where you can identify vulnerabilities when reading the code.
• You have some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.
• You conducted security testing, vulnerability and network scanning, and penetration testing.
• You understand Windows and Linux operating systems concepts, access controls, and privilege levels.
• You are familiar with many widely used web applications, client and server software, and web browsers.

What you will get to do on our team

• Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.
• Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.
• Assist team members during peak activity periods to ensure the timeliness of high-quality data.
• Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality.
• Twenty percent of the job requires doing independent vulnerability research and writing reports and whitepapers. The job would require staying current with the latest security threats, vulnerabilities, and industry best practices.
• Provide mentorship and technical guidance to junior researchers and analysts and serve as a subject matter expert to the wider team.
• Collaborate with other teams such as Product, Engineering and Customer Success to solve customer challenges, provide clarity to technical content, and be customer-oriented.

What you will achieve

• Within 30 days

  • You will have analyzed and reviewed new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.

• Within 60 days

  • You will have analyzed vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities.

• By 90 days

  • You will have done some independent vulnerability research and written basic reports.
  • Provided mentorship and technical guidance to junior researchers and analysts and served as a wider team's subject matter expert.
  • Collaborated with other teams such as Product, Engineering, and Customer Success to solve customer challenges and to clarify technical content.

To be successful in this role, you will need

• In-depth knowledge of common security software and hardware vulnerabilities and attack vectors. Deep familiarity with OWASP top 20.
• Understanding of secure coding practices, cryptography, and authentication protocols.
• In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
• Some programming experience with scripted languages (preferably Python3) and compiled languages (preferably C).

Base Pay Range: Salary ranges are determined by role, level, and location. Individual pay is determined by state, work location, and additional factors including job-related skills, experience, specialized skills or certifications, and relevant education or training. This position is eligible for incentive bonus compensation, and medical, dental, vision, life insurance, and 401K. Your recruiter can share more about the specific details of the compensation and benefits package during the interview process.

Why Flashpoint is a Great Place to Work:

• Diversity. Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
• Culture and Belonging. Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become. You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more.
• Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment. That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
• Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.

Are you unsure if this role suits you or not? Unsure about the timing? Interested in future opportunities? Stay connected by joining our Talent Network. By doing so, you'll stay updated with Flashpoint news and upcoming career opportunities. Even if you're not ready to apply now, being part of our Talent Network ensures you won't miss out on exciting opportunities in the future.