Junior Vulnerability Analyst

Infinit-O is the trusted customer-centric and sustainable leader in Business Process Optimization. We empower finance and healthcare organizations to thrive in a digital-first world by combining specialized industry expertise and innovative technology for 20 years.

We navigate complex industry landscapes to drive transformative outcomes helping businesses streamline operations enhance customer experience and achieve sustainable growth backed by a world-class Net Promoter Score of 75. Our approach combines operational efficiency with a human-centered ethos ensuring sustainable value creation for our clients and team members.

As a Certified B Corporation Infinit-O is committed to the highest standards of social and environmental performance accountability and transparency. We embed these values into every aspect of our operationsaligning business success with a positive impact on our clients people and communities.

Our commitment to Diversity Equity and Inclusion (DEI) is integral to our mission. We believe that building inclusive equitable teams is not only the right thing to doit is also essential for driving innovation and better business outcomes. We actively promote equal opportunity through inclusive hiring practices continuous learning programs and regular equity assessments to ensure a fair and empowering workplace for all.

Role Background

Junior Vulnerability Analysts under the close mentorship of their senior peers and leadership teams aid in identifying assessing and communicating new and emerging threats in the cybersecurity landscape specifically as they pertain to vulnerability intelligence. As a Junior Vulnerability Analyst you will be expected to familiarize yourself with high-impact and critical vulnerabilities proofs-of-concept and reports of in-the-wild exploitation producing and reviewing intelligence summaries accessible to the clients customers.

Specific Duties and Responsibilities

Vulnerability Lead Identification and Analysis: You will be tasked with the prompt identification analysis and comprehensive assessment of emerging cybersecurity threats specifically recently disclosed or exploited vulnerabilities.

Subject Matter: Your ability to stay informed on breaking cybersecurity news advisories and exploitation activity will be crucial in ensuring we provide prompt coverage and thorough analysis of high-impact

vulnerabilities.

Key Detail Identification: During research identify and take note of the root cause of a vulnerability exploitation chains post-exploitation activity (including any host and network IoCs and malware samples) threat actors exposed vulnerable instances publicly available proofs-of-concept and MITRE ATT&CK tactics and techniques

Author Insikt Notes: Write TTP Instances detailing identified vulnerability leads. TTP Instances include a combination of information from open-source reporting and your own analysis (i.e. code review). Each TTP Instance should comprehensively address the nature of the threat its potential impact suggested mitigation strategies and a succinct summary for quick referencing. Cadence: Write up to 2 TTP Instance notes daily

Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.

Detection Engineering: Design and develop Nuclei templates for vulnerability scanning ensuring these templates are tailored to detect new and emerging vulnerabilities efficiently.

Cadence: Create at least 1 Nuclei template per month with assistance from our Senior Vulnerability Analyst

Delivery: Nuclei templates will be delivered alongside a TTP Instance. Junior Analysts: For Junior Analysts detection engineering training will be provided as you mature within your role on the team. Experience deploying or writing Nuclei templates is not required for this role.

Information Security: Adhere to and implement Infinit-Os quality and information security policies and carry out its processes and procedures accordingly. Protect client-supplied and generated-for-client information from unauthorized access disclosure modification destruction or interference (see also Table of Offenses)

Carry out tasks as assigned and aligned with particular processes or activities related to information security.

Report any potential or committed non-conformity observation and/or security event or risks to your immediate superior.

Requirements

Required Skills

Strong written communication in English

Demonstrable experience writing reports on technical subject matter (e.g. vulnerability exploits malware infection chains offensive security tools) in a clear concise and logical format

Disciplined time management

Self-starting self-motivated and thrive in a collaborative environment Accountability combined with the ability to receive and apply constructive feedback from peers and leadership

Minimum Qualifications

B.S. equivalent in computer science information systems or cyber intelligence

At least 6 months of minimum professional experience in cybersecurity threat intelligence or information technology

Genuine interest in reading about cybersecurity topics and technical subject matter such as vulnerability analysis exploitation and proofs-of-concept Demonstrable experience researching and analyzing new cyber threats Demonstrable experience in technical writing showcasing an ability to translate complex technical concepts into engaging reader-friendly content. Your capability will be assessed via a writing sample.

A meticulous attention to detail underscoring a commitment to accuracy and thoroughness in all aspects of work.

Capable of functioning effectively within a team as well as independently. Preferred Qualifications But Not Required

Practical experience using common threat intelligence analysis models such as MITRE ATT&CK D3FEND the Diamond Model and the Cyber Kill Chain. Familiarity with and use of common cyber threat intelligence tools such as DomainTools VirusTotal Shodan etc.

Practical experience with network and web application penetration testing tools such as Burp Suite Nmap ZAP Metasploit and Wireshark.

Familiarity with scripting and programming languages such as YAML Python Golang JavaScript etc.

Prior experience within vulnerability management or vulnerability remediation. Experience creating Nuclei templates.