RVD Analyst

RVD Analyst:

The Opportunity:

We are seeking a Responsible Vulnerability Disclosure (RVD) Program Analyst to manage our internal vulnerability disclosure program. This individual will act as the central point of coordination for intake, validation, tracking, and remediation of vulnerabilities reported by security researchers, customers, and internal teams. The ideal candidate will have strong application security expertise—particularly in identifying, reproducing, and retesting vulnerabilities—alongside excellent program management and stakeholder engagement skills.

What you'll do…

• Manage the day-to-day operations of the RVDP, including intake, tracking, and reporting of disclosed security vulnerabilities.
• Assess the severity, scope, and impact of reported vulnerabilities. Prioritize issues based on risk.
• Author security advisories and CVE records as necessary.
• Develop and continuously improve processes, playbooks, and workflows for vulnerability handling, tracking, escalation, and closure.
• Work cross-functionally with engineering, product, and infrastructure teams to validate vulnerabilities and drive timely remediation.
• Generate regular reports and dashboards on vulnerability trends, remediation timelines, and program health. Provide executive-level updates when required.
• Leverage automation where possible to streamline processes.
• Ensure vulnerability management practices support compliance objectives and risk reduction efforts. Assist in audits and security assessments as needed.

Who you are?

• Bachelor's degree in computer science, Cybersecurity, or a related field—or equivalent practical experience.
• 5+ years of experience in security engineering, product security, or vulnerability management.
• Experience managing a responsible disclosure or bug bounty program.
• Knowledge of risk scoring frameworks (CVSS, EPSS).
• Strong understanding of common vulnerability types (e.g., OWASP Top 10, CWE), secure coding practices, and software development life cycles (SDLC).
• Experience working with issue tracking tools (e.g., Jira), vulnerability management platforms, and collaboration tools (e.g., Confluence, Slack).
• Ability to communicate clearly with both technical and non-technical audiences.
• Excellent organizational and project management skills.

Preferred Qualifications…

• Familiarity with regulatory frameworks and security standards (e.g., ISO 27001, SOC 2, NIST).
• Experience with vulnerability scanning tools (e.g., Snyk, Nessus, Qualys) and secure SDLC integration.