About CleanStart:

CleanStart is revolutionizing software supply chain security through our advanced
vulnerability database platform and CleanStart product line. We provide hardened,
vulnerability-free container images with built-in security, compliance, and performance
benefits. Our mission is to transform container security by eliminating pre-existing
vulnerabilities and providing full visibility and control over the software supply chain.

Role Overview:

As an Associate Threat Research Engineer on our Threat Research team, you will support
the management of vulnerability tracking through our database pipeline tool. With 1-3 years
of experience, you will help maintain integrations with leading security scanners, assist in
managing customer advisories, and contribute to tracking FIPS and compliance
requirements. Your role is vital in ensuring our customers receive timely, accurate security
information while maintaining the integrity of our vulnerability intelligence platform.

Key Responsibilities:

• Assist in managing vulnerability tracking through our pipeline tool
• Support integrations with leading security scanners (Grype, Snyk, Trivy, etc.)
• Help prepare and distribute customer advisories based on vulnerability criticality
  and exploitability
• Track and document vulnerability exploitability information
• Assist in monitoring FIPS and security compliance requirements
• Support the traceability of vulnerabilities to affected packages and fixes
• Help maintain security scanner data mappings and transformations
• Contribute to vulnerability assessment and classification processes
• Support the creation of severity and impact ratings for identified vulnerabilities
• Collaborate with Package Build teams to coordinate security response activities

Required Qualifications:

• 1-3 years of experience in security operations, vulnerability management, or related
  fields
• Basic understanding of vulnerability assessment and tracking tools
• Familiarity with security scanner outputs and formats
• Knowledge of vulnerability scoring systems (CVSS, etc.)
• Experience with data tracking and documentation
• Basic scripting abilities (Python, Bash, etc.)
• Attention to detail and strong analytical skills
• Bachelor's degree in Computer Science or related field, or equivalent experience

Preferred Qualifications:

• Experience with vulnerability management platforms or tools
• Familiarity with security scanner APIs and integration methods
• Basic understanding of compliance frameworks (FIPS, NIST, etc.)
• Knowledge of container technologies and security
• Experience preparing security advisories or notifications
• Interest in threat intelligence and vulnerability research
• Basic understanding of data pipeline systems
• Enthusiasm for security operations and vulnerability management