Vulnerability Analyst
Vulnerability Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
1Year
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Infinit-O isn t just about business process optimization we re about people. For over 20 years we ve been helping some of the world s fastest-growing companies in Financial Services Healthcare and Technology achieve multiple strategic advantages through data-driven solutions high-performance teams and cutting-edge technology. Our world-class Net Promoter Score of 75 reflects our commitment to excellence and client satisfaction.
But what truly sets us apart is our culture. At Infinit-O we believe that diversity equity and inclusion are the foundation of innovation and sustainable growth. We embrace differences empower perspectives and create equal opportunities for everyone. Our people-first approach has earned us the Great Place To Work Certification three times and as a B Corp Certified company we re dedicated to making a positive impact not just in business but in the communities we serve.
With a highly engaged and innovative team we don t just optimize processes we also create meaningful change.
What is the role that we need We are looking for a Vulnerability Analyst to join our team.
Vulnerability Analysts aid in the identification assessment and communication of new and emergent threats in the cybersecurity landscape specifically vulnerability intelligence and detections. As a Vulnerability Analyst you will be expected to familiarize yourself with high-impact and critical vulnerabilities proofs-of-concept and reports of in-the-wild exploitation producing and reviewing intelligence summaries accessible to Clients customers.
Specific Duties and Responsibilities
Vulnerability Lead Identification and Analysis: You will be tasked with the prompt identification analysis and comprehensive assessment of emerging cybersecurity threats specifically recently disclosed or exploited vulnerabilities.
Subject Matter: Your technical prowess will be crucial in ensuring our preparedness for potential risks and understanding the implications of prompt and thorough analysis of high-impact vulnerabilities.
Key Detail Identification: During research identify and take note of infection chains host and network IoCs malware samples threat actors exposed vulnerable instances publicly available proofs-of-concept and MITRE ATT&CK tactics and techniques
Author Insikt Notes: Write TTP Instances detailing identified vulnerability leads. TTP Instances include a combination of information from open-source reporting and your own analysis (i.e. code review). Each TTP Instance should
comprehensively address the nature of the threat its potential impact suggested mitigation strategies and a succinct summary for quick referencing. Cadence: Write at least 2 TTP Instance notes daily
Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.
Detection Engineering: Design and develop Nuclei templates for vulnerability scanning ensuring these templates are tailored to detect new and emerging vulnerabilities efficiently.
Cadence: Create at least 1 Nuclei template per month with assistance from our Senior Vulnerability Analyst
Delivery: Nuclei templates will be delivered alongside a TTP Instance. Information Security: Adhere to and implement Infinit-Os quality and information security policies and carry out its processes and procedures accordingly. Protect client-supplied and generated-for-client information from unauthorized access disclosure modification destruction or interference (see also Table of Offenses)
Carry out tasks as assigned and aligned with particular processes or activities related to information security.
Report any potential or committed non-conformity observation and/or security event or risks to your immediate superior.
Required Skills
Strong written communication in English
Demonstrable experience writing reports on technical subject matter (e.g. vulnerability exploits malware infection chains offensive security tools) in a clear concise and logical format
Disciplined time management
Self-starting self-motivated and thrive in a collaborative environment Ability to receive and apply constructive feedback from peers and leadership
Minimum Qualifications
B.S. equivalent in computer science information systems or cyber intelligence 1 - 2 years of minimum professional experience in cybersecurity with a focus on threat detection penetration testing or vulnerability assessment.
A solid grasp of fundamental cybersecurity principles attack trajectories and techniques for vulnerability analysis.
Demonstrable experience researching and analyzing new cyber threats. Practical experience using common threat intelligence analysis models such as MITRE ATT&CK D3FEND the Diamond Model and the Cyber Kill Chain.
Familiarity with and use of common cyber threat intelligence tools such as DomainTools VirusTotal Shodan etc.
Demonstrable experience in technical writing showcasing an ability to translate complex technical concepts into engaging reader-friendly content. Demonstrably strong writing ability to be assessed via a writing sample A meticulous attention to detail underscoring a commitment to accuracy and thoroughness in all aspects of work.
Capable of functioning effectively within a team as well as independently.
Preferred Qualifications
Experience creating Nuclei templates.
Practical experience with network and web application penetration testing tools such as Burp Suite Nmap Fiddler ZAP Metasploit and Wireshark. Familiarity with scripting and programming languages such as YAML Python Golang JavaScript C etc.
Required Skills Strong written communication in English Demonstrable experience writing reports on technical subject matter (e.g. vulnerability exploits, malware infection chains, offensive security tools) in a clear, concise, and logical format Disciplined time management Self-starting, self-motivated, and thrive in a collaborative environment Ability to receive and apply constructive feedback from peers and leadership Minimum Qualifications B.S. equivalent in computer science, information systems, or cyber intelligence 1 - 2 years of minimum professional experience in cybersecurity, with a focus on threat detection, penetration testing, or vulnerability assessment. A solid grasp of fundamental cybersecurity principles, attack trajectories, and techniques for vulnerability analysis. Demonstrable experience researching and analyzing new cyber threats. Practical experience using common threat intelligence analysis models such as MITRE ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain. Familiarity with and use of common cyber threat intelligence tools such as DomainTools, VirusTotal, Shodan, etc. Demonstrable experience in technical writing, showcasing an ability to translate complex technical concepts into engaging, reader-friendly content. Demonstrably strong writing ability, to be assessed via a writing sample A meticulous attention to detail, underscoring a commitment to accuracy and thoroughness in all aspects of work. Capable of functioning effectively within a team as well as independently. Preferred Qualifications Experience creating Nuclei templates. Practical experience with network and web application penetration testing tools, such as Burp Suite, Nmap, Fiddler, ZAP, Metasploit, and Wireshark. Familiarity with scripting and programming languages such as YAML, Python, Golang, JavaScript, C, etc. Prior experience within a quick reaction or incident response team environment. Familiarity with malware detections, including YARA, Sigma, and Snort.
Education
Bachelor's Degree
Employment Type
Full Time
