Are you an experienced cybersecurity professional who enjoys all aspects of vulnerability intelligence, analysis, and collection and wants to be a part of a global team that provides timely, high-quality, and comprehensive vulnerability intelligence to the security market?

As a Vulnerability Researcher at Flashpoint, you will get to do all those things, including research and information gathering related to cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management.

Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at www.flashpoint.io.

We have a role for you if

You possess high reading comprehension, attention to detail, and deductive reasoning.
You have writing skills and an affinity for writing research papers and summarizing complex subjects into short entries.
You have compassion for customer needs and a desire to work in a client-sense business.
You have some coding experience In one or more languages such as C/C++, Java, Python, and Ruby to the level where you can identify vulnerabilities when reading the code.
You have some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.
You conducted security testing, vulnerability and network scanning, and penetration testing.
You understand Windows and Linux operating systems concepts, access controls, and privilege levels.
You are familiar with many widely used web applications, client and server software, and web browsers.

What you will get to do on our team

Analyze vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities (sources are provided) in order to author a detailed vulnerability entry based on findings. This task makes up eighty percent of day to day requirements of this role.
Analyze and review new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.
Assist team members during peak activity periods to ensure the timeliness of high-quality data.
Monitor work queues as needed to maintain balanced workloads and achieve turn-around standards, ensuring data quality.
Twenty percent of the job requires doing independent vulnerability research and writing reports and whitepapers. The job would require staying current with the latest security threats, vulnerabilities, and industry best practices.
Provide mentorship and technical guidance to junior researchers and analysts and serve as a subject matter expert to the wider team.
Collaborate with other teams such as Product, Engineering and Customer Success to solve customer challenges, provide clarity to technical content, and be customer-oriented.

What you will achieve

Within 30 days

You will have analyzed and reviewed new vulnerabilities for inclusion into the VulnDB product and update existing vulnerability entries with details, references, product information, exploit availability, and solutions.

Within 60 days

You will have analyzed vendor security advisories, research vulnerability reports, mailing lists, product changelogs, news articles, bug trackers, commits, exploits, and many other sources to identify issues that constitute legitimate vulnerabilities.

By 90 days

You will have done some independent vulnerability research and written basic reports.
Provided mentorship and technical guidance to junior researchers and analysts and served as a wider team's subject matter expert.
Collaborated with other teams such as Product, Engineering, and Customer Success to solve customer challenges and to clarify technical content.

To be successful in this role, you will need

In-depth knowledge of common security software and hardware vulnerabilities and attack vectors. Deep familiarity with OWASP top 20.
Understanding of secure coding practices, cryptography, and authentication protocols.
In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
Some programming experience with scripted languages (preferably Python3) and compiled languages (preferably C).

Base Pay Range: Salary ranges are determined by role, level, and location. Individual pay is determined by state, work location, and additional factors including job-related skills, experience, specialized skills or certifications, and relevant education or training. This position is eligible for incentive bonus compensation, and medical, dental, vision, life insurance, and 401K. Your recruiter can share more about the specific details of the compensation and benefits package during the interview process.

Why Flashpoint is a Great Place to Work:

Diversity. Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
Culture and Belonging. Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become. You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more.
Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment. That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.

Are you unsure if this role suits you or not? Unsure about the timing? Interested in future opportunities? Stay connected by joining our Talent Network. By doing so, you'll stay updated with Flashpoint news and upcoming career opportunities. Even if you're not ready to apply now, being part of our Talent Network ensures you won't miss out on exciting opportunities in the future.

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Location (City) *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

What is your Preferred Name?

Preferred or chosen name you wish to be known and have appear throughout the interview process.

LinkedIn Profile

Website

How did you hear about this job?

What are your pronouns?

Do you now or in the future require visa sponsorship to continue working in the United States? *

Are you currently eligible for employment in the United States? *

Please list Vulnerabilities that you have direct experience researching *

Please list the programming languages you have experience using *

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Flashpoint’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Are you Hispanic/Latino?

Please identify your race

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.

Please complete the reCAPTCHA above.