Sr Vulnerability Management Analyst

Vanguard•Malvern, PA

1d•Hybrid

About The Position

We’re excited for a Senior Vulnerability Management Analyst to join our high-energy team – to help shape the future of Vanguard’s attack surface management and VulnOps. This role sits at the intersection of security risk, automation, and emerging AI‑driven capabilities. If you’re a cybersecurity professional who thrives on critical thinking, challenging yourself, and shaping how humans and machines work together to reduce risk - this role is for you! You’ll be responsible for identifying, prioritizing, and managing vulnerabilities across Vanguard’s hybrid infrastructure – ensuring adherence to security hardening standards and integration with AI-assisted remediation tooling. The role requires strong analytical & communication skills, combined with technical and security expertise. This is a great opportunity to join a growing team – working in a fast-paced cross-functional environment to protect Vanguard and its clients from cyber security threats.

Requirements

Minimum of 5 years related work experience required, with 2 years of experience managing vulnerabilities at scale and understanding of security frameworks
Strong knowledge of CVSS
Expertise in at least 1 major cloud service provider
Prior experience automating processes
Undergraduate degree in a related field or the equivalent combination of training & experience
Exceptional problem-solving ability
Solid communication skills, with the ability to influence stakeholders across various seniority levels
Ability to own and lead cross-functional initiatives – including planning, execution, & outcome tracking

Nice To Haves

Demonstrated passion for continuous learning
Experience with scripting and automation
Experience with Aqua, Palo Alto Prisma, Wiz, CrowdStrike, Tenable Nessus, or Qualys
Experience with Claude Code/Codex or Threat Modeling
Experience with risk controls and interacting with internal/external audit

Responsibilities

Leverage exposure assessment platforms to monitor Vanguard assets for vulnerabilities and security configuration weaknesses as part of CTEM implementation
Automate various aspects of VulnOps to help defend against AI-driven threats
Partner with the SOC, Cyber Threat Intel, Offensive Security Team, and other stakeholders to refine prioritization, to validate impact of suspected vulnerabilities, to advise owners on mitigation strategies or compensating controls, and to provide accurate & timely reporting that informs remediation progress
Investigate false-positives and requests for risk-acceptance or risk-rating adjustment
Shape enforcement controls & guardrails
In zero-day events, quickly iterate through VM lifecycle – creatively handle time-sensitive escalations, develop custom reports, and perform special investigations
Coordinate with Engineering platform team to tune scanning tools to improve visibility and to meet additional security objectives
Focus on continuous process improvement and identify opportunities for automation, fusion of disparate sources of security findings, and consistency of remediation owner experience.