<p><strong>Company Overview</strong></p><p>VulnCheck delivers next-generation exploit and vulnerability intelligence solutions for enterprise, Government and product teams to prevent large-scale remote code execution events with better, faster exploit data, massive-scale real-time monitoring and predictively-built detection artifacts. VulnCheck’s 300M+ unique data from 400+ sources points help vulnerability management and response teams outpace adversaries - autonomously. VulnCheck is an <a href="https://www.rsaconference.com/usa/programs/innovation-sandbox">RSAC Innovation Sandbox finalist</a> and a <a href="https://www.blackhat.com/asia-25/spotlight.html">Black Hat Startup Spotlight finalist</a>. </p><p><strong>Job Summary</strong></p><p>Are you passionate about advancing the science of vulnerability analysis and threat intelligence? Do you want to join a mission-driven team that delivers real-world impact—and has the resources and technical culture to fuel your curiosity?</p><p>We’re searching for a Senior Vulnerability Analyst with a deep understanding of the vulnerability management ecosystem, hands-on experience with the CVE process, and expert knowledge in standard frameworks like MITRE ATT&CK, CAPEC, CWE, and CVSS. This is a rare opportunity to leverage your skills and experience as a contributor to, or expert user of, CVE and related MITRE capabilities—while taking your career in vulnerability research to the next level.</p><p><strong>Location</strong></p><p>This is a <strong>100% remote</strong> role but we're primarily looking for candidates in Massachusetts (and Maryland).</p><p><strong>Why Join VulnCheck?</strong></p><p>VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. We especially welcome candidates bringing operational or leadership experience from the CVE Program or adjacent efforts—your background is valued here. </p><p>You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below) </p><ul><li>Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside the top domain experts in the field.</li><li>Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.</li><li>Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.</li><li>Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment and mapping.</li></ul><p><strong>Key Responsibilities</strong></p><ul><li>Map vulnerabilities: Analyze and map discovered vulnerabilities to MITRE ATT&CK techniques and CAPEC attack patterns with precision and consistency.</li><li>CWE assignment: Determine and assign accurate CWE (Common Weakness Enumeration) IDs, producing well-documented rationales.</li><li>CVSS calculation: Authoritatively calculate CVSS v3/v4 base scores, providing transparent, defensible justifications.</li><li>CVE Processing: Review, draft, and curate CVE Records, ensuring data quality, fidelity, and consistency with CVE Program standards.</li><li>Collaboration: Liaise with vulnerability researchers, product security teams, and standards communities to ensure best practices and knowledge transfer.</li><li>Process improvement: Develop and refine workflows and playbooks for vulnerability triage, mapping, and reporting.</li><li>Mentorship: Share your expertise by mentoring junior analysts and driving team knowledge-sharing initiatives.</li></ul><p><strong>Required Qualifications</strong></p><ul><li>Proven experience with the CVE Program—either as an analyst, CNA, or significant contributor in a major software or security organization.</li><li>Expert knowledge of MITRE ATT&CK, CAPEC, CWE, and working experience mapping vulnerabilities to these frameworks.</li><li>Advanced understanding of CVSS (v3 and v4), including real-world application to vulnerability scoring and risk communication.</li><li>Strong analytical, technical, and research skills, with a passion for data quality and process rigor.</li><li>Exceptional written and verbal communication skills—including the ability to translate complex technical details for diverse audiences.</li><li>Experience engaging with community initiatives, standards bodies, or open-source projects in the vulnerability or threat intelligence space is highly desirable.</li></ul><p><strong>Preferred Qualifications</strong></p><ul><li>Experience contributing to the evolution of vulnerability standards (e.g., participation in CVE Editorial Boards, CAPEC Working Groups, or similar).</li><li>Familiarity with automation tools or programming/scripting languages (Python, Golang, etc.) for data enrichment or workflow improvement.</li><li>Published research, whitepapers, or presentations in the field of vulnerability analysis, mapping, or threat intelligence.</li></ul><p><strong>Benefits</strong></p><ul><li>Competitive compensation package.</li><li>Comprehensive, 100% company-paid medical, dental, and vision plans.</li><li>Flexible work arrangements with the option to work remotely.</li><li>Dynamic work environment with opportunities for growth and advancement.</li><li>Access to continuous learning and development programs.</li></ul><p>Ready to move from enabling the ecosystem to leading its evolution? Apply now and help us protect what matters most!</p>