Job Description
Note: The job is a remote job and is open to candidates in USA. Dragos is on a mission to defend industrial organizations with a focus on ICS/OT Cybersecurity. The Associate Principal Vulnerability Analyst will transform vulnerability data into actionable intelligence for operational technology environments, ensuring the safety of industrial infrastructure. Responsibilities β’ Evaluate vulnerability disclosures from CVEs, NVD, KEV, CISA, vendor advisories, and other public sources to assess relevance and impact to OT environments β’ Curate and prioritize vulnerability information based on asset criticality, exploitability, and operational impact to industrial systems β’ Own the technical strategy for vulnerability content standards, including analysis methodologies, quality benchmarks, and content review β’ Enrich vulnerability data by mapping affected products, firmware versions, and asset classifications to ensure comprehensive coverage β’ Translate technical vulnerability details into actionable, OT-contextualized content for the Dragos platform, including advisories, asset mappings, and mitigation guidance β’ Leverage platform telemetry and maintain product catalogs to identify detection gaps, prioritize coverage, and improve content accuracy β’ Mentor junior and mid-level analysts, providing technical guidance and quality review of content outputs β’ Lead cross-functional initiatives with engineering teams to improve content creation workflows, validation processes, and delivery pipelines β’ Monitor emerging vulnerability sources and feeds to ensure timely coverage and identify gaps in existing content β’ Drive continuous improvement of team processes, content standards, and analysis methodologies Skills β’ 6+ years of experience in vulnerability analysis, vulnerability management, or a related technical security discipline β’ 2+ years of hands-on experience with ICS/OT technologies, including PLCs, RTUs, HMIs, SCADA systems, or industrial networking protocols (Modbus, DNP3, EtherNet/IP, OPC, etc.) β’ Strong understanding of CVE lifecycle, CVSS scoring, CPE (Common Platform Enumeration), and vulnerability advisory interpretation β’ Strong working knowledge of vulnerability databases, threat intelligence feeds, and security content platforms β’ Demonstrated ability to map vulnerabilities to affected products, firmware versions, and asset inventories β’ Proven ability to produce clear, accurate, and actionable technical content for diverse audiences β’ Proficiency with git workflows, branching strategies, and code review processes β’ Familiarity with command-line tooling and scripting languages (Python or similar) for workflow automation β’ Strong communication and collaboration skills with the ability to mentor others and influence content quality standards β’ Background in asset management, configuration management, or IT/OT inventory systems is beneficial β’ Prior experience in critical infrastructure sectors (energy, manufacturing, water, transportation) is nice to have Benefits β’ Competitive Equity Package β’ Comprehensive Benefits Plan Company Overview β’ Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. It was founded in 2016, and is headquartered in Hanover, Maryland, USA, with a workforce of 501-1000 employees. Its website is Apply tot his job Apply tot his job
Apply tot his job
Apply To this Job