Dragos, Inc. · 17 hours ago
Associate Principal Vulnerability Analyst
United States
Full-time
Remote
Senior Level
$145K/yr - $145K/yr
6+ years expDragos, Inc. is on a mission to defend industrial organizations that provide essential services. They are seeking an experienced Vulnerability Analyst to transform vulnerability data into actionable intelligence for operational technology environments, ensuring the protection of industrial infrastructure.
Cyber SecurityNetwork SecuritySecurity
Responsibilities
Evaluate vulnerability disclosures from CVEs, NVD, KEV, CISA, vendor advisories, and other public sources to assess relevance and impact to OT environments
Curate and prioritize vulnerability information based on asset criticality, exploitability, and operational impact to industrial systems
Own the technical strategy for vulnerability content standards, including analysis methodologies, quality benchmarks, and content review
Enrich vulnerability data by mapping affected products, firmware versions, and asset classifications to ensure comprehensive coverage
Translate technical vulnerability details into actionable, OT-contextualized content for the Dragos platform, including advisories, asset mappings, and mitigation guidance
Leverage platform telemetry and maintain product catalogs to identify detection gaps, prioritize coverage, and improve content accuracy
Mentor junior and mid-level analysts, providing technical guidance and quality review of content outputs
Lead cross-functional initiatives with engineering teams to improve content creation workflows, validation processes, and delivery pipelines
Monitor emerging vulnerability sources and feeds to ensure timely coverage and identify gaps in existing content
Drive continuous improvement of team processes, content standards, and analysis methodologies
Qualification
Required
6+ years of experience in vulnerability analysis, vulnerability management, or a related technical security discipline
2+ years of hands-on experience with ICS/OT technologies, including PLCs, RTUs, HMIs, SCADA systems, or industrial networking protocols (Modbus, DNP3, EtherNet/IP, OPC, etc.)
Strong understanding of CVE lifecycle, CVSS scoring, CPE (Common Platform Enumeration), and vulnerability advisory interpretation
Strong working knowledge of vulnerability databases, threat intelligence feeds, and security content platforms
Demonstrated ability to map vulnerabilities to affected products, firmware versions, and asset inventories
Proven ability to produce clear, accurate, and actionable technical content for diverse audiences
Proficiency with git workflows, branching strategies, and code review processes
Familiarity with command-line tooling and scripting languages (Python or similar) for workflow automation
Strong communication and collaboration skills with the ability to mentor others and influence content quality standards
Preferred
Background in asset management, configuration management, or IT/OT inventory systems is beneficial
Prior experience in critical infrastructure sectors (energy, manufacturing, water, transportation) is nice to have
Benefits
Competitive Equity Package
Comprehensive Benefits Plan
Company
Dragos, Inc.
Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization.
501-1000 employees
Funding
Current Stage
Late StageTotal Funding
$438.2MKey Investors
WestCapCanaan PartnersDataTribe
2023-09-18Series D· $74M
2021-10-28Series D· $200M
2020-12-08Series C· $110M
Leadership Team
Robert Lee
Chief Executive Officer and Founder
Kurt Gaudette
Senior Vice President, Intelligence & Services
Recent News
Energy-Storage.News
2025-12-16
Company data provided by crunchbase