Work Address : MOA, Pasay
Work Set-up : Hybrid (1-2x a month RTO)
Work Schedule : Mid Shift (4 or 5 PM - Login time)
DUTIES and RESPONSIBILITIES :
Vulnerability Analysts aid in the identification, assessment, and communication of new and
emergent threats in the cybersecurity landscape, specifically vulnerability intelligence and
detections. As a Vulnerability Analyst, you will be expected to familiarize yourself with high-impact
and critical vulnerabilities, proofs-of-concept, and reports of in-the-wild exploitation, producing
and reviewing intelligence summaries accessible to Client's customers.
identification, analysis, and comprehensive assessment of emerging cybersecurity
threats, specifically recently disclosed or exploited vulnerabilities.
➢ Subject Matter : Your technical prowess will be crucial in ensuring our preparedness
for potential risks and understanding the implications of prompt and thorough analysis
of high-impact vulnerabilities.
➢ Key Detail Identification : During research, identify and take note of infection chains,
host and network IoCs, malware samples, threat actors, exposed vulnerable
instances, publicly available proofs-of-concept, and MITRE ATT&CK tactics and
techniques
Instances include a combination of information from open-source reporting and your own
analysis (i.e. code review). Each TTP Instance should comprehensively address the
nature of the threat, its potential impact, suggested mitigation strategies, and a succinct
summary for quick referencing.
○ Cadence : Write at least 2 TTP Instance notes daily
➢ Quality : Authored TTP Instances should include minimal grammatical or syntax errors.
Plagiarism is not acceptable.
ensuring these templates are tailored to detect new and emerging vulnerabilities
efficiently.
➢ Cadence : Create at least 1 Nuclei template per month with assistance from our Senior
Vulnerability Analyst
➢ Delivery : Nuclei templates will be delivered alongside a TTP Instance.
Security : Adhere to and implement Infinit-O's quality and information security policies
and carry out its processes and procedures accordingly.
○ Protect client-supplied and
generated-for-client information from unauthorized access, disclosure, modification,
destruction, or interference (see also Table of Offenses)
➢ Carry out tasks as assigned and aligned with particular processes or activities related
to information security.
➢ Report any potential or committed non-conformity, observation and / or security event
or risks to your immediate superior.
QUALIFICATIONS :
detection, penetration testing, or vulnerability assessment.
for vulnerability analysis.
ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain.
VirusTotal, Shodan, etc.
technical concepts into engaging, reader-friendly content.