Vulnerability Analyst - External Attack Surface & VDP

What you'll do

• Validate & reproduce findings from EASM ( internet exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact.

• Right - size severity & priority using exploitability signals (e.g., public exploit, EPSS/KEV), control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on.

• De duplicate, enrich & route findings to the correct owners; eliminate false positives; merge related signal (scanner output, logs, asset inventory, prior exceptions) and ensure single threaded tracking to closure.

• Partner with secure business enablement & product teams to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when " one-shot " remediation isn't feasible .

• Partner on governance workflows for risk acceptances, rating overrides, and re acceptance cycles; ensure issues aging and SLAs are visible in our dashboards.

• Close the loop with researchers (for VDP) through clear, respectful communications and crisp proof - of - fix retesting.

• Continuously improve signal quality by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vuln classes.

• Contribute as an adversary when needed ( mini - engagements ) to validate edge case chains and confirm impact beyond tool output.

What you'll bring

• 3 - 5 years in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing (internal or consulting).

• Proven ability to validate complex issues (param tampering, authN /Z bypass, SSRF, injection, IDOR, misconfig , cloud/API exposures) and write concise, repeatable steps with screenshots/ PoCs .

• Experience with EASM (e.g., Censys , Defender EASM, Cortex Xpanse ) and VDP/bug bounty platforms (e.g., HackerOne , Bugcrowd ) and their triage mechanics.

• Familiarity with enterprise VM & tracking (ServiceNow VR/IRM, Jira, Archer/Risk Register), and with platform scanners (Qualys/ Tenable/ NessBurp/ZAP).

• Working knowledge of cloud (AWS/Azure), web & API security, PKI/TLS hygiene, DNS, and internet e xposed service hardening.

• Scripting (Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful.

• Exceptional written communication-capable of translating technical risk into actionable guidance and executive clarity.

Nice - to - have exposure

• EPSS/ KEV driven prioritization, attack path/graph concepts, and risk quant inputs.

• Cloud posture and SaaS posture signals (SSPM) that intersect with external exposure.

• Building tuning logic for scanners and platform rules (e.g., policy libraries, discovery seeds, asset correlation).

• Certifications such as OSCP , GWAPT , GPEN (or equivalent demonstrable skill) are a plus; CISSP nice - to - have.

What's in it for you

• A front row seat reducing real-world external risk-turning noisy findings into decisive action .

• Growth pathways into pen testing , threat modeling/assurance , or VM program leadership .

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.