RVD Analyst

Recruitment Fraud Alert

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

What to know:

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

RVD Analyst:

The Opportunity:

We are seeking a Responsible Vulnerability Disclosure (RVD) Program Analyst to manage our internal vulnerability disclosure program. This individual will act as the central point of coordination for intake, validation, tracking, and remediation of vulnerabilities reported by security researchers, customers, and internal teams. The ideal candidate will have strong application security expertise—particularly in identifying, reproducing, and retesting vulnerabilities—alongside excellent program management and stakeholder engagement skills.

What you’ll do…

• Manage the day-to-day operations of the RVDP, including intake, tracking, and reporting of disclosed security vulnerabilities.
• Assess the severity, scope, and impact of reported vulnerabilities. Prioritize issues based on risk.
• Author security advisories and CVE records as necessary.
• Develop and continuously improve processes, playbooks, and workflows for vulnerability handling, tracking, escalation, and closure.
• Work cross-functionally with engineering, product, and infrastructure teams to validate vulnerabilities and drive timely remediation.
• Generate regular reports and dashboards on vulnerability trends, remediation timelines, and program health. Provide executive-level updates when required.
• Leverage automation where possible to streamline processes.
• Ensure vulnerability management practices support compliance objectives and risk reduction efforts. Assist in audits and security assessments as needed.

Who you are?

• Bachelor’s degree in computer science, Cybersecurity, or a related field—or equivalent practical experience.
• 5+ years of experience in security engineering, product security, or vulnerability management.
• Experience managing a responsible disclosure or bug bounty program.
• Knowledge of risk scoring frameworks (CVSS, EPSS).
• Strong understanding of common vulnerability types (e.g., OWASP Top 10, CWE), secure coding practices, and software development life cycles (SDLC).
• Experience working with issue tracking tools (e.g., Jira), vulnerability management platforms, and collaboration tools (e.g., Confluence, Slack).
• Ability to communicate clearly with both technical and non-technical audiences.
• Excellent organizational and project management skills.

Preferred Qualifications…

• Familiarity with regulatory frameworks and security standards (e.g., ISO 27001, SOC 2, NIST).
• Experience with vulnerability scanning tools (e.g., Snyk, Nessus, Qualys) and secure SDLC integration.