[Remote] Associate Principal Vulnerability Analyst
Note: The job is a remote job and is open to candidates in USA. Dragos is on a mission to defend industrial organizations with a focus on ICS/OT Cybersecurity. The Associate Principal Vulnerability Analyst will transform vulnerability data into actionable intelligence for operational technology environments, ensuring the safety of industrial infrastructure.
Responsibilities
⢠Evaluate vulnerability disclosures from CVEs, NVD, KEV, CISA, vendor advisories, and other public sources to assess relevance and impact to OT environments
⢠Curate and prioritize vulnerability information based on asset criticality, exploitability, and operational impact to industrial systems
⢠Own the technical strategy for vulnerability content standards, including analysis methodologies, quality benchmarks, and content review
⢠Enrich vulnerability data by mapping affected products, firmware versions, and asset classifications to ensure comprehensive coverage
⢠Translate technical vulnerability details into actionable, OT-contextualized content for the Dragos platform, including advisories, asset mappings, and mitigation guidance
⢠Leverage platform telemetry and maintain product catalogs to identify detection gaps, prioritize coverage, and improve content accuracy
⢠Mentor junior and mid-level analysts, providing technical guidance and quality review of content outputs
⢠Lead cross-functional initiatives with engineering teams to improve content creation workflows, validation processes, and delivery pipelines
⢠Monitor emerging vulnerability sources and feeds to ensure timely coverage and identify gaps in existing content
⢠Drive continuous improvement of team processes, content standards, and analysis methodologies
Skills
⢠6+ years of experience in vulnerability analysis, vulnerability management, or a related technical security discipline
⢠2+ years of hands-on experience with ICS/OT technologies, including PLCs, RTUs, HMIs, SCADA systems, or industrial networking protocols (Modbus, DNP3, EtherNet/IP, OPC, etc.)
⢠Strong understanding of CVE lifecycle, CVSS scoring, CPE (Common Platform Enumeration), and vulnerability advisory interpretation
⢠Strong working knowledge of vulnerability databases, threat intelligence feeds, and security content platforms
⢠Demonstrated ability to map vulnerabilities to affected products, firmware versions, and asset inventories
⢠Proven ability to produce clear, accurate, and actionable technical content for diverse audiences
⢠Proficiency with git workflows, branching strategies, and code review processes
⢠Familiarity with command-line tooling and scripting languages (Python or similar) for workflow automation
⢠Strong communication and collaboration skills with the ability to mentor others and influence content quality standards
⢠Background in asset management, configuration management, or IT/OT inventory systems is beneficial
⢠Prior experience in critical infrastructure sectors (energy, manufacturing, water, transportation) is nice to have
Benefits
⢠Competitive Equity Package
⢠Comprehensive Benefits Plan
Company Overview
⢠Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. It was founded in 2016, and is headquartered in Hanover, Maryland, USA, with a workforce of 501-1000 employees. Its website is https://www.dragos.com.
Apply Now
Apply Now
Responsibilities
⢠Evaluate vulnerability disclosures from CVEs, NVD, KEV, CISA, vendor advisories, and other public sources to assess relevance and impact to OT environments
⢠Curate and prioritize vulnerability information based on asset criticality, exploitability, and operational impact to industrial systems
⢠Own the technical strategy for vulnerability content standards, including analysis methodologies, quality benchmarks, and content review
⢠Enrich vulnerability data by mapping affected products, firmware versions, and asset classifications to ensure comprehensive coverage
⢠Translate technical vulnerability details into actionable, OT-contextualized content for the Dragos platform, including advisories, asset mappings, and mitigation guidance
⢠Leverage platform telemetry and maintain product catalogs to identify detection gaps, prioritize coverage, and improve content accuracy
⢠Mentor junior and mid-level analysts, providing technical guidance and quality review of content outputs
⢠Lead cross-functional initiatives with engineering teams to improve content creation workflows, validation processes, and delivery pipelines
⢠Monitor emerging vulnerability sources and feeds to ensure timely coverage and identify gaps in existing content
⢠Drive continuous improvement of team processes, content standards, and analysis methodologies
Skills
⢠6+ years of experience in vulnerability analysis, vulnerability management, or a related technical security discipline
⢠2+ years of hands-on experience with ICS/OT technologies, including PLCs, RTUs, HMIs, SCADA systems, or industrial networking protocols (Modbus, DNP3, EtherNet/IP, OPC, etc.)
⢠Strong understanding of CVE lifecycle, CVSS scoring, CPE (Common Platform Enumeration), and vulnerability advisory interpretation
⢠Strong working knowledge of vulnerability databases, threat intelligence feeds, and security content platforms
⢠Demonstrated ability to map vulnerabilities to affected products, firmware versions, and asset inventories
⢠Proven ability to produce clear, accurate, and actionable technical content for diverse audiences
⢠Proficiency with git workflows, branching strategies, and code review processes
⢠Familiarity with command-line tooling and scripting languages (Python or similar) for workflow automation
⢠Strong communication and collaboration skills with the ability to mentor others and influence content quality standards
⢠Background in asset management, configuration management, or IT/OT inventory systems is beneficial
⢠Prior experience in critical infrastructure sectors (energy, manufacturing, water, transportation) is nice to have
Benefits
⢠Competitive Equity Package
⢠Comprehensive Benefits Plan
Company Overview
⢠Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. It was founded in 2016, and is headquartered in Hanover, Maryland, USA, with a workforce of 501-1000 employees. Its website is https://www.dragos.com.
Apply Now
Apply Now