CybersecurityJobs.io

Job Description

Peraton is seeking a Cybersecurity Vulnerability Analyst to support the DoD Vulnerability Disclosure Program from an onsite post in Linthicum, Maryland. The role centers on reviewing vulnerability reports submitted by external researchers, confirming reproducibility, and coordinating mitigations with the Vulnerability Management team for DoD assets in the Baltimore area. The position offers a salary range of $104,000 to $166,000 per year and requires a PhD.

Responsibilities

  • Review and validate vulnerability reports submitted to the DoD VDP by external researchers.
  • Assess reports for reproducibility to establish value for the customer.
  • Determine vulnerability severity and assign a corresponding risk rating.
  • Use the HackerOne Triage console to triage, prioritize, and detect duplicate submissions.
  • Prepare reports in the DoD-approved format and forward them to the Vulnerability Management Analyst team to coordinate with system owners for mitigation.
  • Serve as the DoD VDP liaison with the hacker community.
  • Apply offensive toolsets including Kali Linux to safely analyze production networks and systems, documenting steps to produce actionable vulnerability assessments.
  • Identify and investigate vulnerabilities, assess exploit potential, and document findings and remedies to support mitigations on customer environments.
  • Perform web application vulnerability assessments using automated tools and manual techniques with Burp Suite and open-source toolsets.
  • Use standard security tools to conduct automated scans across systems and applications.
  • Develop and demonstrate proof-of-concept exploits to illustrate real-world impact using various web exploitation methods.

Requirements

  • Education: PhD required; alternative pathways include a Bachelor’s degree with 5+ years of experience, a Master’s with 3+ years, or a PhD with 0+ years. Degree fields: Information Technology, Computer Science, Cybersecurity, Information Systems, Software Engineering, or Data Science. 4 additional years of relevant experience or specialized training may be considered in lieu of a Bachelor’s degree.
  • Security Clearance: Active Secret clearance.
  • Certifications: Active IAT Level II certification (CompTIA Security+ preferred).
  • In-depth understanding of information security principles and practices.
  • Pentesting experience.
  • Ability to apply MITRE ATT&CK, CVSS, and NIST frameworks to assess vulnerability severity and risk impact.
  • In-depth understanding of web exploitation concepts and techniques.
  • Knowledge of the OWASP Top 10.
  • Experience operating in a professional IT or cybersecurity environment.
  • Experience investigating security events, threats, and vulnerabilities.
  • Understanding of information security principles, technologies, and practices.
  • Excellent customer service skills.

Technologies

  • Kali Linux
  • HackerOne Triage
  • Burp Suite
  • HTML
  • CSS
  • SQL
  • PowerShell
  • Bash
  • Python
  • Perl
  • Hack The Box
  • MITRE ATT&CK
  • CVSS
  • NIST frameworks
  • OWASP Top 10

Benefits

  • Medical
  • Dental
  • Vision
  • Life insurance
  • Health savings account
  • Short-term disability
  • Long-term disability
  • Employee Assistance Program (EAP)
  • Parental leave
  • 401(k)
  • Paid time off (PTO) for vacation
  • Company paid holidays
