EASM Validation Analyst at Vanguard
Malvern, Pennsylvania, United States -
Full Time


Start Date

Immediate

Expiry Date

25 Sep, 26

Salary

0.0

Posted On

27 Jun, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

External Attack Surface Management, Vulnerability Triage, Risk Prioritization, Web Security, API Security, Cloud Security, Network Security, Vulnerability Disclosure Programs, CVSS, EPSS, KEV, Burp Suite, Python, PowerShell, Bash, ServiceNow VR/IRM

Industry

Financial Services

Description
The External Attack Surface Management (EASM) Validation Analyst is responsible for triaging, validating, and operationalizing external security findings across EASM platforms, Vulnerability Disclosure Program (VDP), and GenAI-driven discovery capabilities. This role ensures that externally identified risks are accurate, prioritized appropriately, attributed to the correct owners, and driven toward remediation, enabling scalable risk reduction across the enterprise attack surface. Key Responsibilities Triage and validate findings from EASM tools, VDP submissions, and GenAI-driven detection capabilities Perform technical validation to eliminate false positives and confirm exploitability risk Assign severity based on risk frameworks (CVSS, EPSS, KEV, asset criticality) Identify and attribute ownership to responsible application, infrastructure, or business teams Enrich findings with evidence, proof-of-concept, and remediation guidance Drive findings through remediation workflows, tracking SLA adherence and escalation Correlate findings across multiple sources to identify systemic risks or duplicate exposures Maintain and improve triage playbooks, workflows, and standard operating procedures Platform & Operations Management Administer and support EASM and VDP platforms (e.g., Censys, Defender EASM, HackerOne, BugCrowd) Manage integrations with enterprise systems Ensure data quality, ingestion accuracy, and workflow integrity across platforms Monitor platform performance, uptime, and SLA adherence Support onboarding of new capabilities, including GenAI detection pipelines Collaboration & Stakeholder Engagement Partner with application owners, infrastructure teams, and security teams to drive remediation Communicate risk in a clear, actionable manner for both technical and non-technical stakeholders Work with VDP researchers when needed to clarify submissions and validate findings Collaborate with broader vulnerability management and EASM/VDP leadership to improve processes Required Qualifications 2-5 years of experience in cybersecurity, vulnerability management, or application security Strong understanding of web, API, cloud, and network security concepts Experience with vulnerability triage, validation, and risk prioritization Familiarity with EASM tools and vulnerability management platforms Knowledge of VDP or bug bounty programs and triage methodologies Strong analytical and problem-solving skills Preferred Qualifications Experience with scripting (Python, PowerShell, Bash) Experience with Burp Suite or similar toolsets Familiarity with GenAI-assisted security tooling Experience working with ServiceNow VR/IRM, UVM platforms, or similar systems Knowledge of SaaS, cloud environments (AWS, Azure), and internet-exposed services' Industry certifications (Security+, CEH, OSCP, CISSP - Associate level) Special Factors Sponsorship Vanguard is not offering visa sponsorship for this position. About Vanguard At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. About Us Vanguard, one of the world's largest investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests. This website uses "cookies" to distinguish you from other users. A cookie is a small file of letters and numbers placed on your computer or device. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. The cookies are stored locally on your computer or mobile device. To accept cookies you can continue browsing as normal. Or you can go to our Privacy Policy to read more information and learn how to change your preferences.
Responsibilities
The analyst is responsible for triaging and validating external security findings from EASM platforms, VDPs, and GenAI tools. They ensure risks are accurately prioritized, attributed to owners, and driven toward remediation to reduce the enterprise attack surface.
Loading...