[Remote] Sr. Vulnerability Analyst (Maryland)

Note: The job is a remote job and is open to candidates in USA. VulnCheck is a company that delivers next-generation exploit and vulnerability intelligence solutions. They are seeking a Senior Vulnerability Analyst to advance vulnerability analysis and threat intelligence, leveraging expertise in the CVE process and frameworks like MITRE ATT&CK and CVSS. Responsibilities • Map vulnerabilities: Analyze and map discovered vulnerabilities to MITRE ATT&CK techniques and CAPEC attack patterns with precision and consistency • CWE assignment: Determine and assign accurate CWE (Common Weakness Enumeration) IDs, producing well-documented rationales • CVSS calculation: Authoritatively calculate CVSS v3/v4 base scores, providing transparent, defensible justifications • CVE Processing: Review, draft, and curate CVE Records, ensuring data quality, fidelity, and consistency with CVE Program standards • Collaboration: Liaise with vulnerability researchers, product security teams, and standards communities to ensure best practices and knowledge transfer • Process improvement: Develop and refine workflows and playbooks for vulnerability triage, mapping, and reporting • Mentorship: Share your expertise by mentoring junior analysts and driving team knowledge-sharing initiatives Skills • Proven experience with the CVE Program—either as an analyst, CNA, or significant contributor in a major software or security organization • Expert knowledge of MITRE ATT&CK, CAPEC, CWE, and working experience mapping vulnerabilities to these frameworks • Advanced understanding of CVSS (v3 and v4), including real-world application to vulnerability scoring and risk communication • Strong analytical, technical, and research skills, with a passion for data quality and process rigor • Exceptional written and verbal communication skills—including the ability to translate complex technical details for diverse audiences • Experience engaging with community initiatives, standards bodies, or open-source projects in the vulnerability or threat intelligence space is highly desirable • Experience contributing to the evolution of vulnerability standards (e.g., participation in CVE Editorial Boards, CAPEC Working Groups, or similar) • Familiarity with automation tools or programming/scripting languages (Python, Golang, etc.) for data enrichment or workflow improvement • Published research, whitepapers, or presentations in the field of vulnerability analysis, mapping, or threat intelligence Benefits • Competitive compensation package. • Comprehensive, 100% company-paid medical, dental, and vision plans. • Flexible work arrangements with the option to work remotely. • Dynamic work environment with opportunities for growth and advancement. • Access to continuous learning and development programs. Company Overview • VulnCheck delivers advanced cyber threat intelligence, offering exploit and vulnerability insights to help organizations stay secure. It was founded in 2021, and is headquartered in Lexington, Massachusetts, USA, with a workforce of 51-200 employees. Its website is https://vulncheck.com. Apply tot his job Apply To this Job