Vulnerability Management Analyst

About The Position

Requirements

• Cloud Infrastructure Experience: Strong, hands-on experience securing cloud environments, particularly AWS. You should have a technical understanding of core services like EC2, and container technologies such as Kubernetes and Docker.
• Vulnerability Management Experience: 2-4 years of experience in vulnerability management, product security, or a similar cybersecurity role.
• Technical Acumen: A solid grasp of common product security issues (e.g., OWASP Top 10, SSRF, Injection flaws) and how they manifest in modern, multi-cloud architectures.
• Automation Skills: Intermediate scripting ability (e.g., Python, PowerShell) to help automate security workflows, reporting, and data analysis.
• Collaboration & Influence: A proven ability to build strong partnerships and communicate effectively with technical and non-technical stakeholders in a matrixed organization.

Nice To Haves

• Past experience in penetration testing, product security, or the security research community.
• Certifications such as AWS Certified Security - Specialty, CISSP, CISA, or CySA+.
• Note: Candidates are required to obtain the AWS Certified Cloud Practitioner or AWS Certified Security - Specialty certification within the first year of employment if not already held.

Responsibilities

• Analyze & Prioritize: Triage and assess vulnerabilities discovered in our cloud infrastructure, containerized environments, enterprise infrastructure, and applications, using a risk-based framework that goes beyond standard CVSS scores.
• Cloud Security: Partner with DevOps and Engineering to identify and remediate vulnerabilities and misconfigurations in our AWS environment.
• Drive Remediation: Act as a key liaison, explaining risks, identifying dependencies, and providing the necessary context to help teams remediate vulnerabilities efficiently.
• Automate & Improve: Contribute to the continuous improvement of our program by helping automate data ingestion, reporting, and ticketing system integrations (e.g., Jira, Slack) using scripting languages like Python or PowerShell.
• Report & Comply: Develop metrics to report on the health of the vulnerability management program and provide evidence to support compliance and audit needs for frameworks like SOC2, ISO 27001, and FedRAMP.
• Threat Intelligence: Maintain knowledge of the current threat landscape, including new attack techniques and actively exploited vulnerabilities, to inform our prioritization strategy.

Benefits

• Health and wellness coverage: Medical, dental, and vision insurance
• Disability coverage: Short-term and long-term disability
• Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
• Additional life coverage options: Supplemental life insurance for employees, spouses, and children
• Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
• Financial security: 401(k) Savings and Investment Plan with company matching
• Time off benefits: Flexible vacation policy
• Holidays: 8 paid holidays annually
• Sick leave
• Parental support: Paid parental leave
• Employee Assistance Program (EAP) and Care Counselors
• Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
• Health Savings Account (HSA) with employer contribution