Security Specialist Associate — Vulnerability Management Dispositioning Analyst

About The Position

Requirements

• Bachelor's degree OR Associates degree with one year relevant experience in system administration/help desk/security (cyber or physical) OR High School Diploma/GED with 2 years relevant experience in IT system administration/help desk/security (cyber or physical); OR graduation from an approved Cybersecurity Program; alternatively may have non-degree qualifications (such as hands-on demonstrated ability in a technical interview/assessment).

Nice To Haves

• Vulnerability Management Analyst
• Cybersecurity Exception Analyst
• Cybersecurity Risk Analyst
• Vulnerability Dispositioning Analyst
• Junior Cybersecurity Analyst
• Cybersecurity Operations Analyst

Responsibilities

• Operate as a junior analyst on the Vulnerability Management Dispositioning sub-team (Pillar 3), responsible for moving analyzed vulnerabilities through to a documented remediation decision in partnership with AEP business units.
• Receive analyzed vulnerabilities from the Vulnerability Analysis sub-team and partner with the affected business unit to build remediation action plans, including patch, mitigate, configuration change, or formal exception paths.
• Run the day-to-day vulnerability exception process, including intake of business unit submissions, validation of supporting information, risk ranking inputs, and routing of exceptions through the appropriate Director, VP, and SVP approval chain.
• Capture and enter business unit responses, action plans, and exception decisions into the on-premises Fortress vulnerability management platform with accuracy and consistency.
• Coordinate with Fortress Information Security contractors who provide staff augmentation for routine dispositioning processes, leveraging their capacity while maintaining AEP-side ownership of decisions and quality.
• Build and maintain strong, collaborative working relationships with assigned business unit partners across IT, Operational Technology, and corporate functions; serve as a constructive, helpful point of contact rather than an adversarial enforcer.
• Engage AEP's Operational Technology partners (generation, transmission, distribution) with the same respect and partnership posture, recognizing the operational realities that influence remediation timing and approach.
• Produce junior-grade exception reports, approval packets, and status summaries for directors, VPs, and SVP-level audiences using established team templates and tooling.
• Perform a warm, structured handoff of dispositioned items to the Vulnerability Tracking sub-team (Pillar 4), ensuring approved exceptions, action plans, and remediation commitments transfer cleanly and with full context.
• Maintain clear, current documentation of exception status, business unit commitments, and outstanding action items so leadership has accurate visibility at any point in the process.
• Communicate effectively in writing and verbally with peers, business unit contacts, contractors, and leadership; ask clarifying questions and escalate appropriately when blocked.
• Demonstrate strong soft skills, including active listening, professionalism, attention to detail, time management, and the ability to navigate competing priorities across multiple business units.
• Maintain awareness of NERC CIP regulatory requirements as dispositioning activities interact with CIP-regulated assets and information.
• Participate in a shared on-call rotation across the broader Vulnerability Management team.
• Pass and maintain the background check required for access to NERC CIP-regulated assets and information.

Benefits

• Competitive compensation
• Comprehensive benefits package that aims to support and enhance the overall well-being of our employees