Company Description:

Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. To learn more about Flashpoint, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.

What we are looking for: 

We are currently looking for an experienced vulnerability mangler to join our structured data team. This role is responsible for contributing to our vulnerability data team and vulnerability database. This includes analysis of high-quality data, accurate completion of vulnerability entries, assisting team members with entry, review, and additional research during periods of peak activity, and vulnerability testing.

What you will do:

  • Analyze vendor security advisories, researcher vulnerability reports, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities
  • Write up standardized vulnerability entries and assist the team as needed to ensure accuracy and completeness of vulnerability data
  • Occasionally test reported vulnerabilities, e.g., in web applications, to confirm their existence, details, and exploit requirements
  • Update existing vulnerability entries with details, references, product information, exploit availability, fix availability, and similar based on public reports as well as internal research and analysis
  • Occasionally assist with drafting responses to customer inquiries regarding vulnerability data

What you will bring: 

  • Understanding of vulnerability concepts and prevalent vulnerability types such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), path traversals, denial of service (DoS), buffer overflows, command injection, race conditions, open redirects, privilege escalation, authentication bypasses, XML External Entity (XXE) attacks and similar. This includes an understanding of privilege boundaries and what defines a vulnerability
  • Understanding of Windows and Linux operating systems concepts, access controls, and privilege levels
  • Familiarity with C/C++, PHP, JavaScript, and HTML and the common coding mistakes that may lead to vulnerabilities
  • Ability to test and reproduce (exploit) commonly reported web application vulnerabilities on Linux
  • Ability to interpret AddressSanitizer (ASan) output
  • Reading comprehension is a significant part of the job along with perfect writing skills
  • The candidate is expected to be methodical, observant, and detail-oriented
  • Self-motivation and the ability to work independently
  • Excellent communication skills and the willingness to ask for help when needed

Nice to have:

  • Ability to read any of the following coding languages and knowledge of common coding mistakes that may lead to vulnerabilities: Java, C#, Python, Perl, Ruby, Go.
  • General familiarity with many of the more widely used web applications, client and server software, and web browsers is preferable.
  • Understanding of how to score vulnerabilities using CVSSv2 and CVSSv3.1.

Why Flashpoint is a Great Place to Work:

  • Diversity.  Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
  • Culture and Belonging.  Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become.  You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more. 
  • Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment.  That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
  • Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.
  • A Great Place to Work. Literally. According to the 99% of employees surveyed, Flashpoint earned designation as a Great Place to Work-Certified™ Company for 2021. 100% of employees agree that new hires are made to feel welcome and appreciated. If you are interested in learning more, please check out our Certified Profile.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Flashpoint’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

¹ Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.