Software Vulnerability Analyst

About the position

The position requires a candidate with a broad knowledge of various vulnerability types and exploitation techniques. The individual will be responsible for summarizing vulnerability discovery reports into CVE records, necessitating strong analytical and writing skills. The role also involves interacting with a diverse set of requesters, including vulnerability researchers, vendors, end users, and academics from around the world, highlighting the need for effective interpersonal skills. Additionally, the candidate should be capable of reading code in languages such as PHP, Python, and C/C++, with the ability to identify weaknesses within the code, although writing code is not a required skill. The position demands the ability to interpret outputs from vulnerability reporting tools, such as stack traces and crash reports, and a solid understanding of general security models across various technologies, including networking, applications, cryptology, web, embedded systems, and kernel security. Familiarity with the Coordinated Vulnerability Disclosure (CVD) process and the role of CVEs within it is also essential. The candidate should possess the analytical and interpersonal skills necessary to manage disputes regarding the classification of findings as vulnerabilities.