Sr. Vulnerability Analyst (Massachusetts)

Remote, Massachusetts

Company Overview

VulnCheck delivers next-generation exploit and vulnerability intelligence solutions for enterprise, government and product teams to prevent large-scale remote code execution events with better, faster exploit data, massive-scale real-time monitoring and predictively-built detection artifacts. VulnCheck’s 300M+ unique data points from 400+ sources help vulnerability management and response teams outpace adversaries - autonomously. VulnCheck is an RSAC Innovation Sandbox finalist and a Black Hat Startup Spotlight finalist.

Job Summary

Are you passionate about advancing the science of vulnerability analysis and threat intelligence? Do you want to join a mission-driven team that delivers real-world impact—and has the resources and technical culture to fuel your curiosity?

We’re searching for a Senior Vulnerability Analyst with a deep understanding of the vulnerability management ecosystem, hands-on experience with the CVE process, and expert knowledge in standard frameworks like MITRE ATT&CK, CAPEC, CWE, and CVSS. This is a rare opportunity to leverage your skills and experience as a contributor to, or expert user of, CVE and related MITRE capabilities—while taking your career in vulnerability research to the next level.

Location

This is a 100% remote role, but we're primarily looking for candidates in Massachusetts (and Maryland).

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. We especially welcome candidates bringing operational or leadership experience from the CVE Program or adjacent efforts—your background is valued here. 

You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below) 

  • Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside the top domain experts in the field.
  • Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
  • Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
  • Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment and mapping.

Key Responsibilities

  • Map vulnerabilities: Analyze and map discovered vulnerabilities to MITRE ATT&CK techniques and CAPEC attack patterns with precision and consistency.
  • CWE assignment: Determine and assign accurate CWE (Common Weakness Enumeration) IDs, producing well-documented rationales.
  • CVSS calculation: Authoritatively calculate CVSS v3/v4 base scores, providing transparent, defensible justifications.
  • CVE processing: Review, draft, and curate CVE Records, ensuring data quality, fidelity, and consistency with CVE Program standards.
  • Collaboration: Liaise with vulnerability researchers, product security teams, and standards communities to ensure best practices and knowledge transfer.
  • Process improvement: Develop and refine workflows and playbooks for vulnerability triage, mapping, and reporting.
  • Mentorship: Share your expertise by mentoring junior analysts and driving team knowledge-sharing initiatives.

Required Qualifications

  • Proven experience with the CVE Program—either as an analyst, CNA, or significant contributor in a major software or security organization.
  • Expert knowledge of MITRE ATT&CK, CAPEC, CWE, and working experience mapping vulnerabilities to these frameworks.
  • Advanced understanding of CVSS (v3 and v4), including real-world application to vulnerability scoring and risk communication.
  • Strong analytical, technical, and research skills, with a passion for data quality and process rigor.
  • Exceptional written and verbal communication skills—including the ability to translate complex technical details for diverse audiences.
  • Experience engaging with community initiatives, standards bodies, or open-source projects in the vulnerability or threat intelligence space is highly desirable.

Preferred Qualifications

  • Experience contributing to the evolution of vulnerability standards (e.g., participation in CVE Editorial Boards, CAPEC Working Groups, or similar).
  • Familiarity with automation tools or programming/scripting languages (Python, Golang, etc.) for data enrichment or workflow improvement.
  • Published research, whitepapers, or presentations in the field of vulnerability analysis, mapping, or threat intelligence.

Benefits

  • Competitive compensation package.
  • Comprehensive, 100% company-paid medical, dental, and vision plans.
  • Flexible work arrangements with the option to work remotely.
  • Dynamic work environment with opportunities for growth and advancement.
  • Access to continuous learning and development programs.

Ready to move from enabling the ecosystem to leading its evolution? Apply now and help us protect what matters most!
