Vulnerability Assessment Analyst Jobs

LastPass, the #1 password leader, provides password and identity management solutions that are convenient, easy to manage, and effortless to use, helping more than 32 million users and 100,000 businesses organize and protect their online lives. As a pioneer in cloud security technology, LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage. LastPass values users’ privacy and security, so your sensitive information is always hidden – even from us.
We welcome new ideas, support your growth, and recognize your value, if this aligns with what you are looking for in your next career move, Join Us
LastPass is looking for a Vulnerability Assessment Analyst:
The LastPass security team is seeking an experienced Vulnerability Assessment Analyst to join our team and help us ensure the security of our company and user’s data. As a member of the Trust & Security team, you will work closely with other security professionals, as well as engineering and operational teams, to identify, verify, prioritize, and assist in the resolution of vulnerabilities, in a joint effort to improve the overall security posture and reduce the attack surface. In addition, you will aid in the creation of a robust and effective vulnerability management program, enabling the organization to maintain the highest levels of security and compliance. Your role will be critical in developing a security and resilience-focused culture, as the organization strives to provide the most secure and trustworthy services to customers.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
You will be part of our Security Posture and Attack Surface Engineering & Research (SPASER) team, collaborating closely with the wider Trust & Security teams. Your focus will be on building a robust and effective vulnerability management program and providing support to, as well as actively cooperating with, other critical security functions such as threat intelligence, forensics, incident response, detection and response, and security engineering. You will also work closely with various engineering and operational teams across the organization as part of the vulnerability management lifecycle, to assist in the resolution of vulnerabilities and propose improvements to our security posture.
What are some of the exciting challenges you will be working on?

• Work closely with other security teams, including incident response and threat intelligence, to identify and mitigate security risks and vulnerabilities across the organization.
• Conducting regular vulnerability assessments of the organization's information systems, networks, and applications, including on-premises and cloud-based, using both automated scans and manual assessment methods.
• Analyzing and interpreting the results of vulnerability scans and assessments to identify potential risks, threats, and vulnerabilities that could impact the organization.
• Verifying and validating the findings of vulnerability assessments, including false positives and false negatives.
• Monitoring and tracking vulnerabilities status and trends over time.
• Working with the remediation team and stakeholders to prioritize vulnerabilities based on the level of risk and the potential impact on the organization.
• Developing and maintaining metrics and reporting systems to track the effectiveness of the organization's vulnerability management program and identify opportunities for improvement.
• Staying current on emerging threats, trends, and technologies related to vulnerability management and cybersecurity, and updating vulnerability testing methodologies accordingly.
• Providing recommendations for strategies to mitigate and remediate identified vulnerabilities.
• Creating clear and concise reports and communicating findings to key stakeholders, including IT, Platform and Software Engineering teams.
• Developing custom testing methodologies to address specific vulnerabilities or attack scenarios.
• Supporting the ongoing improvement of vulnerability management tools, including the selection, configuration, and fine-tuning of these tools to ensure that they are effective in detecting vulnerabilities and minimizing false positives.

What does it take to work at LastPass?

• Good written and verbal communication skills in English, with the ability to effectively communicate and collaborate with key stakeholders.
• Being passionate about security and knack for finding security vulnerabilities.
• Experience working with cloud-based environments and containerized workloads based on Docker and Kubernetes.
• Experience with vulnerability analysis in cloud hybrid/native environments, including familiarity with cloud specific security controls and best practices, and some experience with cloud security assessment tools and techniques.
• Proficiency with scripting languages and programming languages commonly used in vulnerability management, such as Python, PowerShell, or Bash, is expected for the development and maintenance of trade-craft tools.
• Experience with industry leading vulnerability management tools, techniques, and methodologies.
• Prior demonstrable experience conducting vulnerability assessments and related security testing.

It's great, but not required:

• Security testing focused certifications such as Offensive Security Certified Professional (OSCP) and GIAC Penetration Tester (GPEN).
• Familiarity with OWASP vulnerability management and security testing guides/standards.
• Cloud security focused certifications such as AWS Certified Security or other specialty certification or similar.

Our compensation reflects the cost of labor across several US geographic markets. The typical base pay range for this role across the U.S. is USD $96,500 in the lowest geographic market and up to $114,375 per year in our highest geographic market. Pay is based on several factors including market location and may vary depending on job-related knowledge, skills, and experience.
Why LastPass?

• Continuous learning and development opportunities
• Market-Leading Password Manager
• High-growth, collaborative environment with inclusive teams

If this piques your interest, apply today and chat with our recruitment team further.
We’re building an inclusive community that reflects the people of all races, genders, sexual orientations, national origins, backgrounds, and perspectives who share our world.
For all US based jobs please review our Applicant Privacy Notice
For all EU based jobs please review our Candidate Privacy Notice
Please review our CCPA Notice