Security Vulnerability Researcher

The Security Vulnerability Researcher will support a U.S. Government contract by assessing, identifying, and analyzing vulnerabilities across publicly and commercially available data sources and systems. This role involves conducting independent and collaborative research into emerging threats, software and infrastructure weaknesses, and data exposure risks that may impact mission-critical government systems.

The ideal candidate will possess deep technical expertise in vulnerability assessment, open-source intelligence (OSINT), and cyber threat analysis, along with the ability to clearly communicate findings and recommend actionable mitigations.

**Key Responsibilities**

• Conduct security research and vulnerability assessments on publicly and commercially available data, systems, and platforms relevant to government missions.
• Identify, characterize, and document potential security weaknesses, misconfigurations, and data exposures.
• Evaluate the security posture of open-source and commercial software, APIs, and datasets to identify potential risks to government information systems.
• Develop technical reports, risk assessments, and vulnerability intelligence summaries for internal and client stakeholders.
• Collaborate with government cybersecurity teams and other researchers to prioritize vulnerabilities and develop mitigation or remediation recommendations.
• Track and analyze threat actor activity, exploitation trends, and newly disclosed vulnerabilities (CVEs).
• Utilize reverse engineering, static/dynamic analysis, and open-source research techniques to validate and contextualize vulnerabilities.
• Maintain awareness of emerging technologies, attack techniques, and industry best practices for vulnerability management.
  
  

**Requirements**

• Fluency in English (written and spoken)
• U.S. citizenship and ability to obtain and maintain a TS/SCI security clearance with the US Government.
  
  

**Education**

Bachelors degree in Computer Science, Cybersecurity, Information Security, or a related technical field (or equivalent experience).

**Required Skills, Experience and Abilities**

• Minium 5 years of experience in vulnerability research, penetration testing, exploit development, or threat intelligence.
• Strong understanding of network protocols, operating systems (Windows, Linux, macOS), and common web application vulnerabilities.
• Experience using vulnerability assessment tools (e.g., Nessus, Burp Suite, Nmap, Metasploit, IDA Pro, Ghidra, or similar).
• Knowledge of CVE/CVSS standards, MITRE ATTandCK framework, and vulnerability disclosure processes.
• Demonstrated experience collecting and analyzing publicly available and commercial data sources to assess security posture.
  
  

**Preferred Qualifications**

• Experience supporting U.S. Government cybersecurity, intelligence, or defense programs.
• Proficiency in scripting and automation (Python, PowerShell, Bash).
• Familiarity with data protection, privacy regulations, and responsible disclosure requirements.
• Relevant certifications such as OSCP, OSCE, CEH, CISSP, GREM, or GIAC GCTI.
  
  

**Physical Demands and Work Environment**

The physical demands and work environment described are representative of those that an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• Prolonged periods of sitting at a desk and working on a computer.
• Ability to sit or stand for long periods of time
• Dynamic, research-driven environment requiring collaboration with multidisciplinary teams.
• Must be able to handle sensitive or classified information in accordance with government policies.
• Standard work schedule is Mon-Fri with core hours from 7am-5pm EST
• 8 hour work day with flexibility within the core hours of operation.