Senior Vulnerability Management Analyst
About The Position
We’re seeking a Senior Vulnerability Analyst to lead and mature our enterprise vulnerability programs across SDLC (secure development lifecycle), external attack surface, and internal infrastructure/applications. This role drives end-to-end vulnerability lifecycle management, from discovery and risk triage to remediation validation and program metrics, while partnering closely with Engineering, Product, Cloud/SRE, and IT. You’ll also coordinate penetration testing readiness, evidence collection, and remediation plans, and help embed security into the development workflow. The ideal candidate has strong application development experience, practical threat modeling skills, and a pragmatic approach to risk.
Requirements
- Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree.
- Minimum of high school diploma or equivalent is required.
- Deep technical/domain expertise and ability to lead initiatives.
- Strong understanding of OS, cloud environments, and vulnerability lifecycles.
- Partner with Detection & Response to ensure logging, alerting, and containment strategies account for known weaknesses.
Nice To Haves
- Experience with KEV catalog operationalization and threat-intel integrations.
- Knowledge of automation platforms
Responsibilities
- Lead vulnerability prioritization using CVSS, KEV, exploit intel, and asset criticality.
- Partner with engineering and application teams to remove remediation blockers.
- Own complex vulnerability investigations and coordinate cross-team resolution.
- Mentor junior analysts and help improve internal processes.
- Provide remediation guidance and secure configuration recommendations.
- Help with pen test pre-work: scope definition, rules of engagement, asset inventories, credential/test data coordination, and stakeholder comms.
- Manage findings intake, severity validation, and remediation plans with accountable owners; track to closure and report to leadership.
- Lead lessons learned and control improvements to reduce recurring issues and improve test efficiency.
- Lead continuous reduction of external attack surface: internet-exposed services, DNS, certificates, cloud perimeters, API endpoints, and third-party exposures.
- Partner with Cloud, SRE, and Networking to harden configurations, minimize unknown/legacy exposures, and validate fixes.
- Partner with engineering to mature SAST/DAST/IAST/OSS/SBOM practices, secure build pipelines, and implement “shift-left” controls (pre-commit, PR gates, CI quality bars).
- Guide threat modeling, security requirements, and secure coding practices; advise on remediation patterns and safer libraries/frameworks.
- Review architecture and code for high-risk components (authN/Z, crypto, secrets handling, supply chain, multi-tenant boundaries).
- All other duties as assigned.
Benefits
- health, vision, dental insurance
- 401k
- paid time away
- volunteer days
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
High school or GED
