Vulnerability Management Analyst

About The Position

Requirements

• This position is Remote.
• Bachelor's degree or commensurate experience is Required.
• 3+ years professional work experience in vulnerability management, security operations, or IT risk within a regulated environment is Required.
• Hands-on experience with vulnerability scanning tools, such as: Tenable (Nessus, Tenable.io), Qualys, Rapid7 or similar platforms is Required.
• Prior financial industry regulations and frameworks (FFIEC, NCUA, GLBA, NIST) is Required.
• Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks is Required.
• Global Information Assurance Certification (GIAC), GIAC Security Essentials Certification (GSEC) or Enterprise Vulnerability Assessor Certification (GEVA) is Required.

Responsibilities

• Conduct regular vulnerability scanning of networks, servers, endpoints, cloud environments, and applications using approved tools.
• Analyze scan results to identify false positives, determine exploitability, and assess business and regulatory risk.
• Prioritize vulnerabilities based on CVSS scores, threat intelligence, asset criticality, and financial institution risk impact.
• Track vulnerabilities through remediation, validation, and closure using ticketing or governance platforms.
• Perform re-scans to validate remediation effectiveness.
• Ensure vulnerability management practices align with: FFIEC Cybersecurity Assessment Tool (CAT) NCUA or banking regulatory guidance GLBA Safeguards Rule Internal Information Security and Risk Management policies
• Prepare documentation, metrics, and evidence for internal audits, regulatory exams, and third-party assessments.
• Support risk acceptance decisions by documenting compensating controls and residual risk.
• Partner with IT infrastructure, application development, cloud, and network teams to remediate identified risks.
• Translate technical vulnerabilities into clear business risk language for leadership and non-technical stakeholders.
• Provide guidance on secure configuration, patching, and vulnerability mitigation strategies.
• Participate in security incident response activities when vulnerabilities are exploited or pose imminent risk.
• Monitor emerging threats, zero-day vulnerabilities, and industry advisories relevant to financial services.
• Contribute to vulnerability management policies, standards, and procedures.
• Assist with penetration testing coordination and result analysis.
• Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with required frameworks.
• Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries.
• Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments.
• Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture.
• Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches.
• Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation.
• Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates.
• Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures.
• Run the daily vulnerability management program operations, work closely with the patch management analyst in identifying and patching vulnerabilities, and actively participate in weekly vulnerability management team meetings.
• Comply with all Federal Regulations as they pertain to your job duties, including BSA.

Benefits

• 25 days of paid time off and 10 paid holidays
• 16 hours of paid Volunteer Time Off
• 401K Retirement with up to 6% employer match
• Excellent Health, Dental, Vision insurance, including multiple plan options
• Health Savings Account with generous employer contributions
• Employer paid Life insurance, Short-Term and Long-Term Disability
• Tuition Reimbursement from $4,000 - $7,000 per calendar year
• Robust Learning and Development program that includes an annual professional development stipend