About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

Customer Success Engineers at VulnCheck are dedicated to empowering customers to automate their security operations, streamline analyst workflows, and maximize the value of the VulnCheck Platform. As a key member of the team, you will partner closely with customers, partners, and internal teams to deliver exceptional technical guidance and ensure successful adoption of VulnCheck’s intelligence data.

In this role, you will support strategic Government customers as they implement and customize VulnCheck data to enrich their mission. You will serve as a trusted technical advisor and primary point of contact, helping customers integrate VulnCheck into their security operations while building strong relationships with technical stakeholders including red-team and blue-team security engineers. Although this is a 100% remote role, candidates must be located in Maryland for occasional onsite meetings with our federal and pub sector customers. 

What You’ll Do

• Partner with Government customers to implement and customize VulnCheck intelligence data within their platforms and security workflows to meet their objectives.
• Guide customers through integrations and automation of using VulnCheck APIs, CLI/SDK, and other platform components.
• Provide technical onboarding, training, and best-practice guidance to help customers successfully adopt and optimize VulnCheck intelligence.
• Write custom scripts and troubleshoot technical issues related to APIs, data fidelity, integrations, and platform performance.
• Act as the primary technical contact for customers, resolving issues, answering product questions, and supporting ongoing success.
• Build strong relationships with security leaders and technical teams and security engineers.
• Advocate for customers internally by providing product feedback and identifying opportunities to improve integrations, workflows, and user experience.
• Support escalations and provide deep product expertise across setup, deployment, adoption, and optimization.

What You’ll Bring

• Deep understanding of the Cybersecurity product landscape with a focus in vulnerability exploitation lifecycle and Cyber Kill Chain
• A comprehensive understanding of the roles, interactions, and challenges in incident response, vulnerability management, and SOC analysis/management, including how each can leverage vulnerability intelligence for support.
• Ability to develop and maintain scripts in Python.
• Ability to understand and compile Golang
• Ability to work with APIs and JSON.
• Strong understanding of red-team/offensive techniques

Preferred Qualifications

• Experience in customer-facing roles with familiarity with Customer Success processes and metrics is highly preferred

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles:

Benefits and Perks

• Unlimited PTO
• 401k plan with 100% match on first 3%, then 50% of the next 3-5% of compensation
• Comprehensive healthcare coverage
• Generous paid parental leave
• Remote friendly environment with flexibility
• Expense reimbursement for Cell Phone & Internet 
• Ongoing professional development, coaching, and learning resources

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.

As the Cybersecurity Analyst Tier 2, you are responsible for overseeing and managing Tier 2 level threat response in our client’s Security Operations Center. Your role involves working with a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment at the Tier 2 Level. Additionally, you play a critical role in analyzing and resolving cyber threats or escalating incidents for Tier 3 response as necessary.  Technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. This role is ONSITE in our SOC located in Rockville, MD.  US Citizenship is required for consideration.

Role and Responsibilities 

• Respond promptly and effectively to security incidents and threats discovered by CSOC Analyst Level I and carry out effective Level II analysis of incidents.
• Remediation of incidents and escalation when necessary to Tier 3 support
• Initial assessment of the scope of the attack and affected systems
• Accurately document cases during investigations and effectively communicate findings to Level I Analyst or escalation team to ensure complete handover of work streams.
• Continuously improve incident management processes through periodic threat hunting exercises, knowledge optimization effort building, and by comprehensive diagnosis and analysis of incident trends.
• Follow the issue tracking, escalation policies and work effectively across all CSOC tiers as the technical competence requires.
• Dedicated monitoring and analysis of cyber security events by use of SOC tools
• Incident Response generation and reporting IAW established procedures.
• Provide Level II technical support in CSOC operations and activities.
• Provide daily/weekly updates on CSOC operations and developments.
• Conduct Forensic analysis and respond to data call activities.
• Generate quality technical reports containing methodologies, findings, and recommendations.
• Work with external stakeholders to understand operational needs and develop effective processes.
• Maintain a current understanding of industry trends, emerging cyber threats, and new solutions which may impact CSOC activities.
• Collaborate with CSOC SME to ensure optimal performance using CSOC technology.
• Identify, reverse engineering and de-obfuscating digital content related to an incident.

 Qualifications:

3-5+ years of experience within a Level Tier 2 cybersecurity environment; experience in a leadership role is preferred.

Bachelor’s in information technology, Computer Science, or a related field; or relevant, commensurate work experience

Robust Certification Portfolio including Security+ and one or more of the following preferred: Network+, CEH, Azure or Cloud Certification, and Splunk Core Certified Power User.

Vulnerability/cyber incident management framework

Experience with advanced technologies such as: Splunk SaaS, Splunk Enterprise Security, Splunk SaaS UBA, Crowdstrike, Tenable, Forescout, zScaler, Bigfix, MaaS-360 (IBM MaaS-360), and Encase for forensic investigations, Fireeye, Cortex XSOAR, Cortex XDR, and Prisma-Access

Prior HHS experience a plus

Compensation: The salary range for this position is $115,000 to $120,000 per year based and is based on experience and certifications levels.

Benefits: Health, dental, and vision insurance; 401(k) with employer match; paid time off; professional development opportunities.

#LI-OnSite

As the Cybersecurity Analyst Tier 2, you are responsible for overseeing and managing Tier 2 level threat response in our client’s Security Operations Center. Your role involves working with a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment at the Tier 2 Level. Additionally, you play a critical role in analyzing and resolving cyber threats or escalating incidents for Tier 3 response as necessary.  Technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. This role is ONSITE in our SOC located in Rockville, MD.  US Citizenship is required for consideration.

This role is full-time and requires the ability to work 6 PM to 6 AM on weekends and 2 fixed shifts during the work week.

Role and Responsibilities 

• Respond promptly and effectively to security incidents and threats discovered by CSOC Analyst Level I and carry out effective Level II analysis of incidents.
• Remediation of incidents and escalation when necessary to Tier 3 support
• Initial assessment of the scope of the attack and affected systems
• Accurately document cases during investigations and effectively communicate findings to Level I Analyst or escalation team to ensure complete handover of work streams.
• Continuously improve incident management processes through periodic threat hunting exercises, knowledge optimization effort building, and by comprehensive diagnosis and analysis of incident trends.
• Follow the issue tracking, escalation policies and work effectively across all CSOC tiers as the technical competence requires.
• Dedicated monitoring and analysis of cyber security events by use of SOC tools
• Incident Response generation and reporting IAW established procedures.
• Provide Level II technical support in CSOC operations and activities.
• Provide daily/weekly updates on CSOC operations and developments.
• Conduct Forensic analysis and respond to data call activities.
• Generate quality technical reports containing methodologies, findings, and recommendations.
• Work with external stakeholders to understand operational needs and develop effective processes.
• Maintain a current understanding of industry trends, emerging cyber threats, and new solutions which may impact CSOC activities.
• Collaborate with CSOC SME to ensure optimal performance using CSOC technology.
• Identify, reverse engineering and de-obfuscating digital content related to an incident.

 Qualifications:

3-5+ years of experience within a Level Tier 2 cybersecurity environment; experience in a leadership role is preferred.

Bachelor’s in information technology, Computer Science, or a related field; or relevant, commensurate work experience

Robust Certification Portfolio including Security+ and one or more of the following preferred: Network+, CEH, Azure or Cloud Certification, and Splunk Core Certified Power User.

Vulnerability/cyber incident management framework

Experience with advanced technologies such as: Splunk SaaS, Splunk Enterprise Security, Splunk SaaS UBA, Crowdstrike, Tenable, Forescout, zScaler, Bigfix, MaaS-360 (IBM MaaS-360), and Encase for forensic investigations, Fireeye, Cortex XSOAR, Cortex XDR, and Prisma-Access

Prior HHS experience a plus

Compensation: The salary range for this position is $115,000 to $120,000 per year based and is based on experience and certifications levels.

Benefits: Health, dental, and vision insurance; 401(k) with employer match; paid time off; professional development opportunities.

#LI-OnSite

As the Cybersecurity Analyst Tier 3, you are responsible for overseeing and managing the daily activities of the Security Operations Center for our federal customer. Your role involves helping to lead a team of security analysts and engineers who monitor, detect, analyze, and respond to security incidents and threats in an organization's IT environment. As a Cybersecurity Analyst T3, you play a critical role in safeguarding the organization's assets, data, and reputation from cyber threats. Leadership skills, technical expertise, and a deep understanding of cybersecurity concepts are essential for success in this role. The physical worksite for this position is located in Rockville, MD.  This position requires that ability to obtain and retain a public trust level security clearance. An active CISSP, CISM, or CISA is required for consideration for this position.  US Citizenship is required for this role.

Role and Responsibilities

• Team Management: You are managing highly complex cybersecurity issue resolution while training and mentoring Tier 1 and Tier 2 Analysts. This involves hiring, training, and mentoring security analysts, engineers, and other team members. You will help ensure that each team member understands their roles, responsibilities, and goals within the SOC.
• Effectively communicate information to stakeholders of all levels.
• Incident Response: Coordinating the response to security incidents is a crucial aspect of your role. When a security incident occurs, you will help guide the team in analyzing and containing the threat, mitigating the impact, and initiating recovery procedures.
• Security Monitoring and Detection: Overseeing the continuous monitoring of security events and alerts to identify potential security breaches or threats. This includes analyzing logs, network traffic, and security tools to detect anomalous behavior and suspicious activities.
• Threat Intelligence: Keeping abreast of the latest security threats, vulnerabilities, and attack techniques is essential. You will be responsible for integrating threat intelligence into your SOC's processes and ensuring the team is well-informed about emerging risks.
• Incident Analysis and Reporting: The Tier 3 team will investigate and analyze security incidents to understand their root cause and potential impact. You will generate incident reports for both technical and non-technical stakeholders, including management and relevant authorities.
• Security Tooling and Technology: Evaluating and implementing security technologies, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other security tools that enhance the SOC's capabilities.
• Process Improvement: Continuously improving SOC procedures, workflows, and playbooks to streamline incident response and enhance overall security operations.
• Collaboration: Working closely with other teams in the organization, such as IT, network operations, compliance, and legal, to ensure effective communication and coordination during security incidents.
• Compliance and Regulations: Ensuring that the SOC operates in compliance with relevant security standards, regulations, and policies.
• Training and Awareness: Conducting regular security awareness training for employees to enhance the overall security posture of the organization.

Qualifications:

• 5+ years of experience within a cybersecurity environment; including 3+ years of experience in a cybersecurity SOC leadership role is required.
• Bachelor’s degree in computer science, or a related field; or 5+ years of commensurate work experience in lieu of a degree.
• Endpoint and network security experience required.
• Experience in a security operations center, or similar environment, and identifying indications of compromise or attack and responding to incidents.
• Robust certification credentials such as: CISSP, CISM, CISA, required, additional certifications such as Network+, CEH, SANS FOR578: Cyber Threat Intelligence, SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics, Splunk Core Certified Advanced Power User, Splunk Administrator, and Splunk SOAR administrator are preferred.
• Knowledge of MITRA attached framework.
• Vulnerability/cyber incident management framework
• Experience in SOC Tier 3, mentoring a team of cybersecurity professionals.
• Experience with digital forensics and process
• Knowledge of Splunk, Crowdstrike, tenable, forescout, Xscalar, BigFix, MS360, Encase, Fireeye, Cortex SOAR XDR, Prisma

Preferred Skills and Experience:

• IDS, IPS, EDR, ATP, Malware defenses and monitoring experience.
• Threat hunting experience preferred.
• Knowledge of common adversary tactics and techniques, e.g., obfuscation, persistence, defense evasion, etc.
• Working knowledge of incident response procedures.
• Experience with SQL query construction preferred.
• Experience administering and supporting Windows OS (both workstations and server) and one of the following: Apple or Linux-based operating systems.
• Fundamental understanding of network traffic analysis including TCP/IP, routing, switching, protocols, etc.
• Strong understanding of Windows event log analysis
• Experience with enterprise information security data management - SIEM experience a plus.
• Programming and scripting skills a plus.
• Excellent troubleshooting and analytical thinking skills
• Strong documentation and communication skills
• Advanced Cyber Security certifications preferred but not required.
• Excellent customer service skills

Compensation: The salary range for this position is $130,000 to $140,000 per year based and is based on experience and certifications levels.

Benefits: Health, dental, and vision insurance; 401(k) with employer match; paid time off; professional development opportunities.

#LI-OnSite

This Senior IAM Engineer will own the Okta for Government High (FedRAMP High) tenant, which serves as the enterprise Identity Provider and Identity Governance platform for a 1,500+ user organization. The role is the primary technical resource responsible for the build, enhancement, and operation of key functions, including SSO integrations, Identity Governance (OIG), Lifecycle Management, Workflows automation, and Adaptive MFA policy.

In the first three months, you will help develop the core program documentation and workflows. You will collaborate with external teams like IT, Legal and People to integrate into company processes. You will work with our technical security experts to build Identity and Access management processes and procedures.

Responsibilities

• Own the Okta for Government High (FedRAMP High) tenant — configuration, health, lifecycle, and security posture
• Manage Universal Directory: on-prem AD Agent sync, HRIS attribute mastering, profile mappings, and group rules
• Build and maintain all SSO app integrations via the Okta Integration Network (OIN) using SAML, OIDC, and SCIM
• Own and maintain Okta Adaptive MFA policies: factor enrollment rules, risk-based step-up authentication, FIDO2/YubiKey/PIV/CAC configuration
• Maintain the Okta System Log to Microsoft Sentinel log streaming pipeline and retention configuration
• Own Okta Identity Governance (OIG): entitlement catalog, access certification campaign setup, SoD policy rules, and access request workflow design
• Own, Build and Maintain Okta Lifecycle Management: JML automation rules, HRIS connector configuration, and auto-provisioning and deprovisioning into all connected applications, access review triggers, and automated remediation
• Design, build, and document all Okta-side enhancements including new app onboarding, policy changes, and IGA configuration updates
• Write test cases for all Okta-side changes; execute UAT jointly with the Identity Governance & Operations Analyst before production promotion
• Support Identity Operations Specialist on Tier 2 Okta escalations and Workflow troubleshooting
• Assist Identity Governance & Operations Analyst with OIG campaign configuration and certification reporting

Requirements:

• 4+ years of hands-on Okta administration and engineering experience
• Demonstrated experience with Okta SSO app integrations via SAML 2.0 and OIDC
• Experience with Okta Lifecycle Management and HRIS connector configuration
• Experience building Okta Workflows for provisioning automation
• Experience with Okta Adaptive MFA policy configuration including FIDO2/WebAuthn and hardware token enrollment
• Experience with Okta Universal Directory including AD Agent deployment and profile mastering

Compliance Requirements: this role will be subject to US Federal regulations, therefore:

• Must be a U.S. Citizen or Lawful Permanent Resident (Green Card holder) — U.S. Person 
• Ability to obtain and maintain a security clearance or pass a background investigation consistent with CUI access
  
  

Preferred Qualifications:

• Experience with Okta for Government High (FedRAMP High) or FedRAMP Moderate environments — strong preference
• Okta Identity Governance (OIG) experience — access certifications, SoD, entitlement management
• Experience federating Okta to Microsoft Entra ID / GCCH as a SAML Service Provider
• Familiarity with CMMC, ITAR, GDPR, SOX, SOC 2 compliance requirements
• Experience with SCIM 2.0 provisioning to downstream applications
• Okta Identity Governance certification (preferred)

The approximate base salary range for this position is $126,887 - $166,127. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

Location: This role is based out of our College Park, Boulder, CO, or Bothell, WA offices, or can be remote in the US. 
Travel: Up to 1 week per quarter
Job ID:  1460