[Remote] Associate Principal Vulnerability Analyst

Note: The job is a remote job and is open to candidates in USA. Dragos is on a mission to defend industrial organizations with a focus on ICS/OT Cybersecurity. The Associate Principal Vulnerability Analyst will transform vulnerability data into actionable intelligence for operational technology environments, ensuring the safety of industrial infrastructure. Responsibilities • Evaluate vulnerability disclosures from CVEs, NVD, KEV, CISA, vendor advisories, and other public sources to assess relevance and impact to OT environments • Curate and prioritize vulnerability information based on asset criticality, exploitability, and operational impact to industrial systems • Own the technical strategy for vulnerability content standards, including analysis methodologies, quality benchmarks, and content review • Enrich vulnerability data by mapping affected products, firmware versions, and asset classifications to ensure comprehensive coverage • Translate technical vulnerability details into actionable, OT-contextualized content for the Dragos platform, including advisories, asset mappings, and mitigation guidance • Leverage platform telemetry and maintain product catalogs to identify detection gaps, prioritize coverage, and improve content accuracy • Mentor junior and mid-level analysts, providing technical guidance and quality review of content outputs • Lead cross-functional initiatives with engineering teams to improve content creation workflows, validation processes, and delivery pipelines • Monitor emerging vulnerability sources and feeds to ensure timely coverage and identify gaps in existing content • Drive continuous improvement of team processes, content standards, and analysis methodologies Skills • 6+ years of experience in vulnerability analysis, vulnerability management, or a related technical security discipline • 2+ years of hands-on experience with ICS/OT technologies, including PLCs, RTUs, HMIs, SCADA systems, or industrial networking protocols (Modbus, DNP3, EtherNet/IP, OPC, etc.) • Strong understanding of CVE lifecycle, CVSS scoring, CPE (Common Platform Enumeration), and vulnerability advisory interpretation • Strong working knowledge of vulnerability databases, threat intelligence feeds, and security content platforms • Demonstrated ability to map vulnerabilities to affected products, firmware versions, and asset inventories • Proven ability to produce clear, accurate, and actionable technical content for diverse audiences • Proficiency with git workflows, branching strategies, and code review processes • Familiarity with command-line tooling and scripting languages (Python or similar) for workflow automation • Strong communication and collaboration skills with the ability to mentor others and influence content quality standards • Background in asset management, configuration management, or IT/OT inventory systems is beneficial • Prior experience in critical infrastructure sectors (energy, manufacturing, water, transportation) is nice to have Benefits • Competitive Equity Package • Comprehensive Benefits Plan Company Overview • Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. It was founded in 2016, and is headquartered in Hanover, Maryland, USA, with a workforce of 501-1000 employees. Its website is https://www.dragos.com. Apply Now Apply Now