The External Attack Surface Management (EASM) Validation Analyst is responsible for triaging, validating, and operationalizing external security findings across EASM platforms, Vulnerability Disclosure Program (VDP), and GenAI-driven discovery capabilities. This role ensures that externally identified risks are accurate, prioritized appropriately, attributed to the correct owners, and driven toward remediation, enabling scalable risk reduction across the enterprise attack surface.
Key Responsibilities
- Triage and validate findings from EASM tools, VDP submissions, and GenAI-driven detection capabilities
- Perform technical validation to eliminate false positives and confirm exploitability risk
- Assign severity based on risk frameworks (CVSS, EPSS, KEV, asset criticality)
- Identify and attribute ownership to responsible application, infrastructure, or business teams
- Enrich findings with evidence, proof-of-concept, and remediation guidance
- Drive findings through remediation workflows, tracking SLA adherence and escalation
- Correlate findings across multiple sources to identify systemic risks or duplicate exposures
- Maintain and improve triage playbooks, workflows, and standard operating procedures
Platform & Operations Management
- Administer and support EASM and VDP platforms (e.g., Censys, Defender EASM, HackerOne, BugCrowd)
- Manage integrations with enterprise systems
- Ensure data quality, ingestion accuracy, and workflow integrity across platforms
- Monitor platform performance, uptime, and SLA adherence
- Support onboarding of new capabilities, including GenAI detection pipelines
Collaboration & Stakeholder Engagement
- Partner with application owners, infrastructure teams, and security teams to drive remediation
- Communicate risk in a clear, actionable manner for both technical and non-technical stakeholders
- Work with VDP researchers when needed to clarify submissions and validate findings
- Collaborate with broader vulnerability management and EASM/VDP leadership to improve processes
Required Qualifications
- 2-5 years of experience in cybersecurity, vulnerability management, or application security
- Strong understanding of web, API, cloud, and network security concepts
- Experience with vulnerability triage, validation, and risk prioritization
- Familiarity with EASM tools and vulnerability management platforms
- Knowledge of VDP or bug bounty programs and triage methodologies
- Strong analytical and problem-solving skills
Preferred Qualifications
- Experience with scripting (Python, PowerShell, Bash)
- Experience with Burp Suite or similar toolsets
- Familiarity with GenAI-assisted security tooling
- Experience working with ServiceNow VR/IRM, UVM platforms, or similar systems
- Knowledge of SaaS, cloud environments (AWS, Azure), and internet-exposed services'
- Industry certifications (Security+, CEH, OSCP, CISSP - Associate level)
Special FactorsSponsorshipVanguard is not offering visa sponsorship for this position.
