Senior Vulnerability Management (VM) Analyst

Verisign•Reston, VA

12d•$164,300 - $222,300•Hybrid

About The Position

Verisign helps enable the security, stability, and resiliency of the internet. We are a trusted provider of internet infrastructure services for the networked world and deliver unmatched performance in domain name system (DNS) services. We are a mission focused, values driven company where each individual can contribute to building a stronger, more secure internet. We offer a dynamic and flexible work environment with competitive benefits and the ability to grow your career. Verisign is seeking a detail-oriented and proactive Senior Vulnerability Management (VM) Analyst with a focus on Secure Configuration Management (SCM) benchmark findings. This role will be responsible for analyzing, prioritizing, and remediating configuration-based vulnerabilities in collaboration with various technology teams. The ideal candidate will play a critical role in reducing risk by driving compliance with secure configuration baselines.

Requirements

10+ years of experience in vulnerability management, security operations, or system administration
Hands-on experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and configuration management platforms
Familiarity with secure configuration benchmarks (CIS, DISA STIGs, etc.)
Experience with ServiceNow SecOps
Bachelors' degree or equivalent work experience
Strong understanding of operating system hardening (Windows, MAC, Linux) and network device configurations
Experience with PowerShell, Python, or scripting for automation is a plus
Knowledge of SIEM, SOAR, and ITSM platforms is beneficial
Excellent analytical and problem-solving skills
Strong communication skills with the ability to collaborate and influence across technology teams
Detail-oriented with the ability to manage multiple priorities effectively
Ability to partner with remediation teams to focus on remediation targets

Nice To Haves

Certifications such as CompTIA Security+, GIAC GCIH, CISSP, or CISA
Experience with cloud security configurations (AWS, Azure, GCP)
Familiarity with compliance frameworks (NIST, ISO 27001, PCI DSS)

Responsibilities

Secure Configuration Assessment: Perform regular reviews and assessments of SCM benchmark findings to identify deviations from established security baselines
Leverage vulnerability scanning tools (e.g., Tenable, Qualys, WIZ) and configuration management platforms to detect and track misconfigurations
Prioritization and Risk Reduction: Collaborate with technology and security teams to prioritize remediation efforts based on risk impact, exploitability, and business impact
Develop and maintain a risk-based prioritization framework for secure configuration findings
Support the remediation of high-risk misconfigurations by providing technical guidance and best practices
Remediation and Collaboration: Work with infrastructure, cloud, and application teams to ensure configuration compliance with internal and industry standards
Provide guidance on hardening system configurations (Windows, MAC, Linux, network devices, etc.) according to established benchmarks
Track and validate remediation efforts to ensure effective closure of findings
Reporting and Documentation: Generate and deliver reports on configuration vulnerabilities, trends, and remediation progress to key stakeholders
Review remediation plans, exceptions, and compensating controls with stakeholders
Ensure accurate and timely documentation of configuration changes and updates
Continuous Improvement: Stay current with emerging security vulnerabilities, best practices, and secure configuration standards
Identify opportunities for automation and process enhancement to streamline SCM activities
Contribute to the development and maintenance of configuration hardening guidelines