|
The DHS CISA Cybersecurity Division (CSD) Vulnerability Management (VM) Disclosure Branch enables the Government to maintain an analytical edge over adversaries and to support vulnerability coordination activities across the United States. The Disclosure Branch has a requirement to develop a vulnerability ecosystem through partnership and platform development and to create assurance in future software products to deployed in various networks through the expansion of the concept of Software-Bills-of-Materials and other mechanisms to uncover trends, provide solutions, and reduce the risk of products deployed on our Nation's networks. Tharros is seeking a Senior Software Vulnerability Analyst to lead the analytical core of this mission. This is a hands-on technical leadership role for someone with deep vulnerability analysis experience who can dissect complex disclosures, set the standard for how the team reasons about risk, and mentor analysts and engineers. You will drive the hardest analytical problems while shaping how automation and AI scale your judgment across the branch's workload.
What You'll Do:
- Lead in-depth analysis of software vulnerabilities - assessing root cause, exploitability, and impact across components and dependencies.
- Coordinate vulnerability disclosure activities with researchers, vendors, and government partners.
- Analyze dependency and component data to uncover systemic trends and surface risk across the software ecosystem.
- Define analytical standards, triage criteria, and workflows that the rest of the team follows.
- Guide the design of automation and AI/LLM tooling that scales vulnerability analysis, and validate that its output meets a senior analyst's bar.
- Mentor analysts and engineers, and serve as the technical authority on vulnerability assessment within the branch.
What We're Looking For:
- Bachelor's degree in computer science, cybersecurity, or a related field.
- 5+ years of hands-on vulnerability analysis experience - assessing, triaging, and reasoning about software vulnerabilities and their impact.
- Deep understanding of the vulnerability lifecycle, disclosure processes, and scoring/classification frameworks (e.g., CVE, CWE, CVSS).
- Proven ability to analyze complex software and dependency relationships.
- Experience leading or mentoring analysts and setting analytical standards (preferred).
- Familiarity with applying automation and AI/LLM tooling to scale vulnerability analysis (preferred).
- Background supporting U.S. Government or critical-infrastructure cybersecurity missions (preferred).
- Strong written and verbal communication skills, with experience coordinating across researchers, vendors, and stakeholders.
- Proficient in Microsoft Office Suite to include Teams or similar workplace chat and videoconferencing tools.
|