Vulnerability Analyst

Work Address: MOA, Pasay
Work Set-up: Hybrid (1-2x a month RTO)
Work Schedule: Mid Shift (4 or 5 PM - Login time)

DUTIES and RESPONSIBILITIES:
Vulnerability Analysts aid in the identification, assessment, and communication of new and
emergent threats in the cybersecurity landscape, specifically vulnerability intelligence and
detections. As a Vulnerability Analyst, you will be expected to familiarize yourself with high-impact
and critical vulnerabilities, proofs-of-concept, and reports of in-the-wild exploitation, producing
and reviewing intelligence summaries accessible to Client's customers.
• Vulnerability Lead Identification and Analysis: You will be tasked with the prompt
identification, analysis, and comprehensive assessment of emerging cybersecurity
threats, specifically recently disclosed or exploited vulnerabilities.
➢ Subject Matter: Your technical prowess will be crucial in ensuring our preparedness
for potential risks and understanding the implications of prompt and thorough analysis
of high-impact vulnerabilities.
➢ Key Detail Identification: During research, identify and take note of infection chains,
host and network IoCs, malware samples, threat actors, exposed vulnerable
instances, publicly available proofs-of-concept, and MITRE ATT&CK tactics and
techniques
• Author Insikt Notes: Write TTP Instances detailing identified vulnerability leads. TTP
Instances include a combination of information from open-source reporting and your own
analysis (i.e. code review). Each TTP Instance should comprehensively address the
nature of the threat, its potential impact, suggested mitigation strategies, and a succinct
summary for quick referencing. ○ Cadence: Write at least 2 TTP Instance notes daily
➢ Quality: Authored TTP Instances should include minimal grammatical or syntax errors.
Plagiarism is not acceptable.
• Detection Engineering: Design and develop Nuclei templates for vulnerability scanning,
ensuring these templates are tailored to detect new and emerging vulnerabilities
efficiently.
➢ Cadence: Create at least 1 Nuclei template per month with assistance from our Senior
Vulnerability Analyst
➢ Delivery: Nuclei templates will be delivered alongside a TTP Instance. ● Information
Security: Adhere to and implement Infinit-O's quality and information security policies
and carry out its processes and procedures accordingly. ○ Protect client-supplied and
generated-for-client information from unauthorized access, disclosure, modification,
destruction, or interference (see also Table of Offenses)
➢ Carry out tasks as assigned and aligned with particular processes or activities related
to information security.
➢ Report any potential or committed non-conformity, observation and/or security event
or risks to your immediate superior.

QUALIFICATIONS:
• B.S. equivalent in computer science, information systems, or cyber intelligence
• 1 - 2 years of minimum professional experience in cybersecurity, with a focus on threat
detection, penetration testing, or vulnerability assessment.
• A solid grasp of fundamental cybersecurity principles, attack trajectories, and techniques
for vulnerability analysis.
• Demonstrable experience researching and analyzing new cyber threats.
• Practical experience using common threat intelligence analysis models such as MITRE
ATT&CK, D3FEND, the Diamond Model, and the Cyber Kill Chain.
• Familiarity with and use of common cyber threat intelligence tools such as Domain Tools,
VirusTotal, Shodan, etc.
• Demonstrable experience in technical writing, showcasing an ability to translate complex
technical concepts into engaging, reader-friendly content.