The External Attack Surface Management (EASM) Validation Analyst is responsible for triaging validating and operationalizing external security findings across EASM platforms Vulnerability Disclosure Program (VDP) and GenAI-driven discovery capabilities. This role ensures that externally identified risks are accurate prioritized appropriately attributed to the correct owners and driven toward remediation enabling scalable risk reduction across the enterprise attack surface.

Key Responsibilities

• Triage and validate findings from EASM tools VDP submissions and GenAI-driven detection capabilities

• Perform technical validation to eliminate false positives and confirm exploitability risk

• Assign severity based on risk frameworks (CVSS EPSS KEV asset criticality)

• Identify and attribute ownership to responsible application infrastructure or business teams

• Enrich findings with evidence proof-of-concept and remediation guidance

• Drive findings through remediation workflows tracking SLA adherence and escalation

• Correlate findings across multiple sources to identify systemic risks or duplicate exposures

• Maintain and improve triage playbooks workflows and standard operating procedures

Platform & Operations Management

• Administer and support EASM and VDP platforms (e.g. Censys Defender EASM HackerOne BugCrowd)

• Manage integrations with enterprise systems

• Ensure data quality ingestion accuracy and workflow integrity across platforms

• Monitor platform performance uptime and SLA adherence

• Support onboarding of new capabilities including GenAI detection pipelines

Collaboration & Stakeholder Engagement

• Partner with application owners infrastructure teams and security teams to drive remediation

• Communicate risk in a clear actionable manner for both technical and non-technical stakeholders

• Work with VDP researchers when needed to clarify submissions and validate findings

• Collaborate with broader vulnerability management and EASM/VDP leadership to improve processes

Required Qualifications

• 2-5 years of experience in cybersecurity vulnerability management or application security

• Strong understanding of web API cloud and network security concepts

• Experience with vulnerability triage validation and risk prioritization

• Familiarity with EASM tools and vulnerability management platforms

• Knowledge of VDP or bug bounty programs and triage methodologies

• Strong analytical and problem-solving skills

Preferred Qualifications

• Experience with scripting (Python PowerShell Bash)

• Familiarity with GenAI-assisted security tooling

• Experience working with ServiceNow VR/IRM UVM platforms or similar systems

• Knowledge of SaaS cloud environments (AWS Azure) and internet-exposed services

• Industry certifications (Security CEH OSCP CISSP - Associate level)

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.