We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Software Vulnerability Analyst

ANALYGENCE
Jul 07, 2026

The DHS CISA Cybersecurity Division (CSD) Vulnerability Management (VM) Disclosure Branch enables the Government to maintain an analytical edge over adversaries and to support vulnerability coordination activities across the United States. The Disclosure Branch has a requirement to develop a vulnerability ecosystem through partnership and platform development and to create assurance in future software products to deployed in various networks through the expansion of the concept of Software-Bills-of-Materials and other mechanisms to uncover trends, provide solutions, and reduce the risk of products deployed on our Nation's networks.

Tharros is seeking a Software Vulnerability Analyst to support the analytical core of this mission. You will analyze software vulnerabilities, support coordinated disclosure, and help surface risk across the software ecosystem - growing your expertise alongside senior analysts while putting automation and AI to work on the day-to-day analytical load.


What You'll Do:
  • Analyze software vulnerabilities - assessing root cause, exploitability, and impact across components and dependencies.
  • Support vulnerability disclosure activities in coordination with researchers, vendors, and government partners.
  • Analyze dependency and component data to help uncover trends and surface risk across the software ecosystem.
  • Apply established analytical standards, triage criteria, and workflows, and help refine them over time.
  • Use automation and AI/LLM tooling to scale vulnerability analysis and review its output for accuracy.
What We're Looking For:
  • Bachelor's degree in computer science, cybersecurity, or a related field.
  • 2+ years of hands-on vulnerability analysis experience - assessing, triaging, and reasoning about software vulnerabilities and their impact.
  • Working understanding of the vulnerability lifecycle, disclosure processes, and scoring/classification frameworks (e.g., CVE, CWE, CVSS).
  • Ability to analyze software and dependency relationships.
  • Familiarity with applying automation and AI/LLM tooling to scale vulnerability analysis (preferred).
  • Background supporting U.S. Government or critical-infrastructure cybersecurity missions (preferred).
  • Strong written and verbal communication skills.
  • Proficient in Microsoft Office Suite to include Teams or similar workplace chat and videoconferencing tools.
Applied = 0

(web-77cf7d65c7-4rhzf)