Vulnerability Management Analyst (US Remote)

Get AI-powered advice on this job and more exclusive features.

This range is provided by Stott and May. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$110,000.00/yr - $115,000.00/yr

Vulnerability Management Analyst (US Remote)

Location: US Remote

Department: Security Risk Management

We’re seeking a Vulnerability Management Analyst to join a cybersecurity team as they transition away from services currently provided by a third party. This is a key role in a newly forming security organization, where you'll help identify, assess, and manage risks to ensure a secure, resilient technology environment.

As a Vulnerability Management Analyst, you’ll take the lead in detecting system weaknesses, conducting vulnerability scans, prioritizing risks, and collaborating with teams across IT and development to drive remediation. You’ll be instrumental in reducing the organization’s attack surface and safeguarding our digital assets.

• Conduct regular vulnerability scans using tools like Tenable Nessus or Qualys.
• Analyze scan results, assess exploitability, and prioritize remediation efforts.
• Collaborate with IT, DevOps, and system owners to validate and verify the remediation of vulnerabilities.
• Develop dashboards, reports, and metrics to track remediation progress and risk posture.
• Research new vulnerabilities and threats, and assess their impact on systems and networks.
• Provide mitigation strategies and countermeasures for identified security gaps.
• Ensure security configurations and hardening guidelines are implemented effectively.
• Regularly review and refine vulnerability management policies.
• Support compliance with industry best practices and regulatory standards.

• 3+ years of experience in vulnerability management or related cybersecurity roles.
• Deep familiarity with vulnerability scanning tools (Nessus, Qualys) and CVSS/EPSS scoring.
• Experience with SIEM, EDR, and SOAR solutions (e.g., Sentinel, CrowdStrike).
• Scripting skills (Python, PowerShell) for automation and efficiency.
• Strong knowledge of cloud environments (AWS, Azure, GCP).
• Solid understanding of threat modeling and risk assessment.
• Excellent communication, collaboration, and documentation skills.
• Relevant certifications such as CompTIA Security+, GCVA, CVMP or similar are a plus.

APPLY NOW!

• Mid-Senior level

• Full-time

• Information Technology

• Technology, Information and Media