Lead Vulnerability Management Analyst

T. Rowe Price
Owings Mills, MD
Hybrid

About The Position

At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident. We believe doing the right thing for our clients and our associates is good business. With a career at the firm, you can expect opportunities to create real impact at work and in your community. You’ll enjoy resources to support your career path, as well as compensation, benefits, and flexibility to enrich your life. Here, you’ll find a collaborative culture that respects and values differences and colleagues who share a spirit of generosity. Join us for the opportunity to grow and make a difference in ways that matter to you.

The Lead Vulnerability Management Analyst is responsible for overseeing the identification, assessment, prioritization, and remediation coordination of security vulnerabilities across the organization’s technology environment. This role provides technical leadership in vulnerability management operations, partners closely with infrastructure, application, cloud, and security teams, and helps drive continuous improvement of the organization’s security posture. The ideal candidate combines deep technical knowledge of vulnerability management practices with strong leadership, communication, and risk-based decision-making skills.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field; or equivalent practical experience.
  • 6+ years of experience in cybersecurity, with significant experience in vulnerability management, security operations, or infrastructure/application security.
  • Strong understanding of vulnerability assessment tools and platforms such as Tenable, Qualys, Rapid7, or similar solutions.
  • Experience analyzing vulnerabilities across operating systems, networks, databases, applications, cloud environments, and containers.
  • Knowledge of CVSS, Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and risk-based vulnerability prioritization.
  • Familiarity with enterprise operating environments including Windows, Linux, cloud platforms, virtualization, and network technologies.
  • Experience working with remediation teams to drive issue resolution in complex enterprise environments.
  • Strong written and verbal communication skills, including the ability to explain technical findings to non-technical stakeholders.
  • Demonstrated ability to lead initiatives, influence cross-functional teams, and manage competing priorities.

Nice To Haves

  • Relevant certifications such as CISSP, GIAC, Security+, GSEC, GPEN, or similar.
  • Experience with cloud security and vulnerability management in AWS, Azure, or Google Cloud environments.
  • Familiarity with DevSecOps practices, container security, and CI/CD pipeline scanning.
  • Experience with scripting or automation using Python, PowerShell, Bash, or similar languages.
  • Knowledge of regulatory and compliance frameworks such as NIST, ISO 27001, CIS Controls, PCI DSS, or SOX.
  • Experience with ticketing, workflow, and reporting tools such as ServiceNow, Jira, Power BI, or Tableau.

Responsibilities

  • Lead the enterprise vulnerability management program, including vulnerability scanning, analysis, prioritization, reporting, and remediation tracking.
  • Review and validate vulnerability scan results from infrastructure, endpoints, applications, containers, cloud platforms, and other technology assets.
  • Analyze vulnerabilities for exploitability, business impact, and remediation urgency using risk-based methodologies.
  • Partner with IT, engineering, application development, cloud, and infrastructure teams to coordinate remediation activities and reduce risk.
  • Establish and maintain vulnerability management processes, standards, procedures, and service level expectations.
  • Provide guidance on remediation strategies, compensating controls, and exception handling where immediate remediation is not feasible.
  • Monitor emerging threats, zero-day vulnerabilities, and industry advisories to assess organizational exposure and recommend response actions.
  • Lead efforts to improve scanning coverage, asset visibility, reporting accuracy, and remediation effectiveness.
  • Develop and present metrics, dashboards, and executive-level reporting on vulnerability trends, remediation performance, and risk posture.
  • Support internal and external audits, regulatory requirements, and security assessments related to vulnerability management.
  • Collaborate with incident response, threat intelligence, security operations, and governance teams to align vulnerability priorities with active threats and business risk.
  • Mentor junior analysts and provide technical leadership across vulnerability assessment and remediation efforts.
  • Evaluate and optimize vulnerability management tools, integrations, and automation capabilities.

Benefits

  • Competitive compensation
  • Annual bonus eligibility
  • A generous retirement plan
  • Hybrid work schedule
  • Health and wellness benefits, including online therapy
  • Paid time off for vacation, illness, medical appointments, and volunteering days
  • Family care resources, including fertility and adoption benefits