Canary Wharfian - Online Investment Banking & Finance Community.

EASM Validation Analyst

Experienced | No visa sponsorship
at Vanguard

Asset Management

Posted 15 days ago

**EASM Validation Analyst:** Triage, validate, and manage risks identified by External Attack Surface Management (EASM) tools, Vulnerability Disclosure Programs, and AI-driven discoveries. Key responsibilities include evaluating findings, assigning severity, attributing ownership, driving remediation, and ensuring data quality across platforms like Censys, Defender EASM, and HackerOne. Required: 2-5 years in cybersecurity, risk assessment, and vulnerability management experience; proven skills in triage, validation, and risk prioritization. Desired: scripting skills, familiarity with GenAI, and related certifications. Visa sponsorship not offered; hybrid work model.

Compensation: Not specified

Currency: Not specified

City: Not specified

Country: United States

Full Job Description

The External Attack Surface Management (EASM) Validation Analyst is responsible for triaging, validating, and operationalizing external security findings across EASM platforms, Vulnerability Disclosure Program (VDP), and GenAI-driven discovery capabilities. This role ensures that externally identified risks are accurate, prioritized appropriately, attributed to the correct owners, and driven toward remediation, enabling scalable risk reduction across the enterprise attack surface.

Key Responsibilities

  • Triage and validate findings from EASM tools, VDP submissions, and GenAI-driven detection capabilities

  • Perform technical validation to eliminate false positives and confirm exploitability risk

  • Assign severity based on risk frameworks (CVSS, EPSS, KEV, asset criticality)

  • Identify and attribute ownership to responsible application, infrastructure, or business teams

  • Enrich findings with evidence, proof-of-concept, and remediation guidance

  • Drive findings through remediation workflows, tracking SLA adherence and escalation

  • Correlate findings across multiple sources to identify systemic risks or duplicate exposures

  • Maintain and improve triage playbooks, workflows, and standard operating procedures

Platform & Operations Management

  • Administer and support EASM and VDP platforms (e.g., Censys, Defender EASM, HackerOne, BugCrowd)

  • Manage integrations with enterprise systems

  • Ensure data quality, ingestion accuracy, and workflow integrity across platforms

  • Monitor platform performance, uptime, and SLA adherence

  • Support onboarding of new capabilities, including GenAI detection pipelines

Collaboration & Stakeholder Engagement

  • Partner with application owners, infrastructure teams, and security teams to drive remediation

  • Communicate risk in a clear, actionable manner for both technical and non-technical stakeholders

  • Work with VDP researchers when needed to clarify submissions and validate findings

  • Collaborate with broader vulnerability management and EASM/VDP leadership to improve processes

Required Qualifications

  • 2-5 years of experience in cybersecurity, vulnerability management, or application security

  • Strong understanding of web, API, cloud, and network security concepts

  • Experience with vulnerability triage, validation, and risk prioritization

  • Familiarity with EASM tools and vulnerability management platforms

  • Knowledge of VDP or bug bounty programs and triage methodologies

  • Strong analytical and problem-solving skills

Preferred Qualifications

  • Experience with scripting (Python, PowerShell, Bash)

  • Familiarity with GenAI-assisted security tooling

  • Experience working with ServiceNow VR/IRM, UVM platforms, or similar systems

  • Knowledge of SaaS, cloud environments (AWS, Azure), and internet-exposed services

  • Industry certifications (Security+, CEH, OSCP, CISSP - Associate level)

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission - we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
