Cybersecurity Vulnerability Analyst

Cybersecurity Vulnerability Analyst Cybersecurity Vulnerability AnalystJob LocationsUS-MD-LinthicumRequisition ID2026-167091Position CategoryIntel and Threat AnalysisClearanceSecret Responsibilities This Cybersecurity Vulnerability Analyst supports a Vulnerability Disclosure Program (VDP) within the federal government and is responsible for reviewing and vetting security vulnerability reports submitted to the DoD VDP from outside hackers. The Analyst will evaluate the reports to ensure the vulnerability is reproducible and tfore valuable to the customer. They will assess each vulnerability for severity and assign an associated risk statement. The HackerOne Triage console tool will be utilized to assist in assigning and prioritizing reports. It will also assist the Analyst in helping identify duplicate submissions. Valid reports will be written in a DoD approved format and sent to the Vulnerability Management Analyst team for system owner coordination and mitigation. The Vulnerability Analyst will be a VDP liaison with the hacker community.

The Vulnerability Analyst will also:

Utilize offensive toolsets such as Kali Linux to safely analyze production networks and systems, documenting steps and procedures to produce usable vulnerability assessments for the customer.

Identify and investigate vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems.

Conduct web application vulnerability assessment testing using both automated tools and manual web exploitation techniques, using tools such as Burp Suite and open-source toolsets.

Utilize a variety of industry standard security tools to conduct automated scans against systems and applications.

Develop and execute proof-of-concept exploits to demonstrate the real-world impact of identified vulnerabilities, utilizing various web exploitation methods.

This position is fully on-site M-F in the Baltimore-Metropolitan area. #DC3bonus

Qualifications Required Qualifications:

Education:

Bachelor's degree and 5+ years of experience, or Master's and 3+ years of experience, or PhD and 0+ years of experience. A degree in one of the following fields of study is highly desired: Information Technology, Computer Science, Cybersecurity, Information Systems, Software Engineering, or Data Science. An additional 4 years of relevant experience or specialized training may be considered in lieu of Bachelor's degree.

Security Clearance:

Active Secret clearance.

Certifications:

Active IAT Level II certification (CompTIA Security+ preferred).In-depth understanding of information security principles and practices.

Pentesting experience.

Utilize MITRE ATT&CK, CVSS, and NIST frameworks to assess vulnerability severity and risk impact.

In-depth understanding of web exploitation concepts and techniques.

Knowledge and understanding of the Open Web Application Security Project (OWASP) top 10.Experience operating in a professional IT or cybersecurity environment.

Experience investigating security events, threats and/or vulnerabilities.

Understand information security principles, technologies and practices.

Excellent customer service skills.

Preferred Additional Skills:

CEH, CCNA-Security, CySA+, OSCP (or equivalent), PenTest+ or similar certification a plus.

Completed multiple Hack-The-Box penetration testing labs and challenges, developing handson expertise in vulnerability ...For full information see follow application link. We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.