Job Overview
We are seeking a Vulnerability Analyst to support and operate our enterprise vulnerability management program as part of the Cybersecurity team. This role responsible for technical vulnerability analysis, risk-based prioritization, and remediation alignment using enterprise vulnerability platform and supporting tools.
Responsibilities:
Operate and manage our enterprise vulnerability management platform, including vulnerability discovery, analysis, and lifecycle management.
Triage and prioritize vulnerabilities using CVSS scoring frameworks in conjunction with internal risk methodologies, threat context, and asset criticality.
Analyze vulnerabilities in the context of known exploits, bugs, and active threat activity.
Apply attack frameworks (e.g., MITRE ATT&CK) to evaluate potential attacker techniques, attack paths, and exposure impact.
Define and maintain technical reporting criteria that align vulnerabilities with appropriate remediation teams and the target operating model.
Partner with infrastructure, application, and platform teams to drive remediation outcomes.
Validate findings and investigate false positives through system, service, and configuration review.
Operate comfortably in Linux-based environments, including command-line troubleshooting and service inspection.
Troubleshoot, optimize, and implement technical configurations and plugin modifications to enhance scanning processes and improve outcomes.
Participate in the Cybersecurity team’s on-call and escalation rotation.
Qualifications:
3–5 years of hands-on cybersecurity experience, preferably in vulnerability management or security engineering.
Experience operating vulnerability scanning platforms such as TenableOne Nessus, Rapid7 InsightVM, OpenVAS and/or Qualys VMDR.
Strong working knowledge of Vulnerabilities, exploits, and common attack vectors, CVSS scoring and risk-based prioritization, Linux operating systems and command-line tools as well as MITRE ATT&CK framework or similar attack frameworks.
Ability to translate technical vulnerability data into actionable remediation guidance.
Ability to define, measure, and report on key risk indicators (KRIs) and key performance indicators (KPIs).
In addition, experience with any of the following would be valuable:
Exposure to red team, purple team, or offensive security activities.
Experience mapping vulnerabilities to attacker techniques or simulating adversary behaviour.
Familiarity with threat intelligence or exploit research.
AWS/Azure cloud or hybrid environment exposure.
Scripting or automation experience (Python, Bash) is a plus.
Understanding of FAIR framework or similar methodologies is a plus.
Experience with CSPM or similar technologies is a plus.
The base salary range for this position is $80,000 - $135,000 per year.
Arrowstreet Capital operates a robust talent acquisition program, and we also seek to compensate and reward our employees competitively within our industry and in line with our merit-based culture. Our approach to total compensation includes base salaries and annual discretionary bonuses, as well as a robust benefits package. The determination of a successful candidate’s base salary placement within the listed range will vary based on the candidate’s relevant experience and qualifications (which may also include relevant certifications, credentials and other education), the job responsibilities and scope, the commensurate resulting level of the position and other relevant factors. The listed range is also an estimate, and additional information regarding base salary and other elements of total compensation offered by Arrowstreet Capital to successful applicants will be communicated during the recruitment process.
Arrowstreet Capital is a Boston-based systematic investment firm that manages global equity portfolios for institutional investors around the world.
All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, ancestry, genetic information, age, pregnancy, medical condition, disability, veteran or military status, marital status or any other characteristic protected by federal, state, or local law.
Arrowstreet Capital is committed to working with and providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you need a reasonable accommodation for any part of the employment process due to a disability, contact us to discuss the nature of your request and contact information.
