Vulnerability Exploitation Analyst

TITLE: Vulnerability Exploitation Analyst
LOCATION: Atlanta, GA or Birmingham, AL (hybrid 4 days onsite)
Direct Hire: Salary, Bonus (avg payout 150% over 25 years), pension, 401K match, medical/dental, PTO, etc!
Responsibilities:

• Support day-to-day CTEM operations by validating exposure paths, confirming real world exploit potential, and ensuring vulnerabilities are escalated to remediation owners based on demonstrated risk and business impact.
• Leverage knowledge of application components and dependencies to escalate vulnerabilities to remediation owners based on risk and impact.
• Support data review, report processing, and trend analysis for exposure management programs.
• Track remediation of identified risks and mitigation strategies and escalate findings to key stakeholders.
• Analyze potential security risks, determine applicability to the environment, and conduct attack path mapping to address high-risk exposures.
• Research and replicate emerging exploits, vulnerabilities, and offensive techniques to assess real-world impact.
• Collaborate with Threat Intelligence to align testing with current threat actor behaviors and campaigns.
• Provide actionable insights and offensive-driven recommendations to harden systems and reduce attack surface.
• Maintain situational awareness of the threat landscape, including zero-days, CVEs, and novel exploitation methods.
• Partner with stakeholders to prioritize remediation based on validated risk exposure and potential adversary gaps.
• Collaborate with peers across the organization and maintain strong working relationships with key partners across technology functions and business units.

• Ability to understand business requirements and present appropriate solutions.
• Ability to work independently or within a team.
• Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments.
• Solid verbal and written communication skills.
• Demonstrated critical, independent thinking; ability to conceive and present creative solutions.
• Must pass NERC CIP & Insider Threat Protection background checks.
• One or more relevant industry certifications (i.e., OSCP, CEH, GSEC, CISSP, CISA).
• Occasional travel to local and regional locations in pursuit of job duties and requirements.

• Experience supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures.
• Application development experience in enterprise languages/frameworks (e.g., Java, .NET, Python, JavaScript).
• Working knowledge of application components such as web frameworks, middleware, servers, databases, message queues, identity providers, and third-party services.
• Familiarity with build and runtime dependencies, package managers, and associated security risks.
• Understanding of application interaction with underlying infrastructure including operating systems, containers, orchestration platforms, and cloud services.
• Deep understanding of MITRE ATT&CK, adversary TTPs, and exploit development.
• Knowledge of vulnerability research, exploit chains, and post-exploitation tactics.
• Familiarity with OWASP testing methodologies and common vulnerabilities.
• Knowledge of IT security/hardening best practices for operating systems, web applications, and network devices.
• Experience with SIEM platforms for detection validation and log analysis.

The compensation range for this position is competitive based on experience      
(dependent on factors including but not limited to client requirements, experience, statutory considerations, and location).
*Note: Disclosure as required by the Equal Pay for Equal Work Act (CO), NYC Pay Transparency Law, and sb5761 (WA)
 
Synergis is proud to be an Equal Opportunity Employer.  We value diversity and do not discriminate on the basis of race, color, ethnicity, national origin, religion, age, gender, gender identity, political affiliation, sexual orientation, marital status, disability, military/veteran status, or any other status protected by applicable law.
 
For consideration, please forward your resume to dwicks@synergishr.com
 
If you require assistance or an accommodation in the application or employment process, please contact us at dwicks@synergishr.com.
 
Qualified applicants with arrest or conviction records will be considered for employment in accordance with the requirements of applicable state and local laws, including but not limited to, the San Francisco Fair Chance Ordinance, the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
 
Synergis is a workforce solutions partner serving thousands of businesses and job seekers nationwide. Our digital world has accelerated the need for businesses to build IT ecosystems that enable growth and innovation along with enhancing the Total Experience (TX). Synergis partners with our clients at the intersection of talent and transformation to scale their balanced teams of tech, digital and creative professionals. Learn more about Synergis at ww.synergishr.com.