Vulnerability Analyst — External Attack Surface & VDP at Vanguard

Malvern, Pennsylvania, United States

Compensation: Not Specified
Experience Level: Mid-level (3 to 4 years)
Job Type: Full Time
Visa: Unknown
Industries: Financial Services

Requirements

  • 3–5 years in vulnerability analysis, application/infrastructure security, red teaming, or penetration testing (internal or consulting)
  • Proven ability to validate complex issues (param tampering, authN/Z bypass, SSRF, injection, IDOR, misconfig, cloud/API exposures) and write concise, repeatable steps with screenshots/PoCs
  • Experience with EASM (e.g., Censys, Defender EASM, Cortex Xpanse) and VDP/bug bounty platforms (e.g., HackerOne, Bugcrowd) and their triage mechanics
  • Familiarity with enterprise VM & tracking (ServiceNow VR/IRM, Jira, Archer/Risk Register), and with platform scanners (Qualys/Tenable/Nessus/Burp/ZAP)
  • Working knowledge of cloud (AWS/Azure), web & API security, PKI/TLS hygiene, DNS, and internet-exposed service hardening
  • Scripting (Python/PowerShell/Bash) for repeatable validation and data wrangling; basic SQL helpful
  • Exceptional written communication—capable of translating technical risk into actionable guidance and executive clarity

Responsibilities

  • Validate & reproduce findings from EASM (internet-exposed assets, misconfigurations, leaked services, weak crypto, open ports) and from VDP submissions (web, API, mobile, infrastructure). Use manual techniques and PT frameworks to confirm exploitability and business impact
  • Right-size severity & priority using exploitability signals (e.g., public exploit, EPSS/KEV), control context, asset criticality, and exposure window; document rationale and evidence that developers and risk owners can act on
  • Deduplicate, enrich & route findings to the correct owners; eliminate false positives; merge related signals (scanner output, logs, asset inventory, prior exceptions) and ensure single-threaded tracking to closure
  • Partner with secure business enablement & product teams to negotiate remediation paths and SLAs; propose compensating controls or layered fixes when “one-shot” remediation isn’t feasible
  • Partner on governance workflows for risk acceptances, rating overrides, and re-acceptance cycles; ensure issue aging and SLAs are visible in our dashboards
  • Close the loop with researchers (for VDP) through clear, respectful communications and crisp proof-of-fix retesting
  • Continuously improve signal quality by tuning rules/policies, source inventories, and intake/playbooks; author repeatable runbooks for common vuln classes
  • Contribute as an adversary when needed (mini-engagements) to validate edge-case chains and confirm impact beyond tool output

Skills

EASM
Censys
Defender EASM
Cortex Xpanse
VDP
HackerOne
Bugcrowd
Penetration Testing
Red Teaming
Vulnerability Analysis
SSRF
Injection
IDOR
Param Tampering
Auth Bypass
Cloud Security
API Security

Vanguard

Client-owned investment management firm offering low-cost funds

About Vanguard

Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.

Headquarters: Kline Township, Pennsylvania
Year Founded: 1975
Company Stage: SECONDARY
Industries: Fintech, Financial Services
Employees: 10,001+

Benefits

Best-in-class medical, dental & vision coverage
Onsite health clinic & fitness center
Health Smart Rewards program
Vanguard Retirement Savings Plan
Education Benefits
PTO
Family Planning Benefits
Parental leave
Personal development opportunities
Volunteer Time Off

Risks

Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.
Vanguard's stake in Steelcase exposes it to the volatile furniture market.
New active bond ETFs may struggle in a low-yield environment with increasing competition.

Differentiation

Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.
The firm offers low-cost investment products, making it attractive to cost-conscious investors.
Vanguard's ownership structure allows it to focus on long-term investor value.

Upsides

Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.
The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.
Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.