Vulnerability Management Analyst

About The Position

Requirements

• 3-5 years experience, preferably in vulnerability management.
• Strong engineering experience with cloud, containers, open-source code, deployment and misconfigurations.
• Intermediate experience with scripting languages (e.g., Python, PowerShell) for automating data ingestion, reporting, or integrating VM data into other security tools (SIEM/SOAR).
• Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC, GDPR) and providing evidence for compliance and audit needs.
• Experience tracking trends and configure systems as required to reduce false positives from true events.
• Process Improvement: Drive continuous improvement in the efficiency of vulnerability remediation through automation, ticketing system integration (e.g., Jira), and process streamlining.
• Influence & Collaboration – Demonstrable experience building strong partnerships in a matrixed organization.
• Technical – Intermediate understanding of product security issues (like XXE, SSRF, Injections, etc.), modern software development (fully automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures, particularly Amazon Web Services, Kubernetes, and Docker.
• Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.

Nice To Haves

• Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE , or other relevant certifications are preferred.
• If the candidate does not have the AWS Certified Cloud Practitioner or AWS Certified Cloud Security – Specialty, they must take these certifications within first year of employment.

Responsibilities

• Collaborating in the enterprise-wide product security and resilience strategy, aligning with business goals and regulatory requirements.
• Partnering with Dev/Ops, engineering, product management, and infrastructure teams to integrate vulnerability management practices into production environments.
• Identifying risk in a production environment comprised of a sophisticated SaaS architecture consisting of dozens of microservices
• Maintain knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, tool/exploit development, cyber threat intelligence analysis and adversarial tactics.
• Explaining risks, identifing dependencies, and facilitating the remediation process by providing necessary details and context.
• Enforce a prioritization framework that utilizes risk context beyond standard CVSS scores, factoring in asset criticality, exposure to the public internet, and internal threat intelligence (e.g., active exploitation in the wild).
• Drive the adoption of security automation, vulnerability management with product teams.
• Providing program performance reporting and metrics per business unit and product.

Benefits

• Health and wellness coverage: Medical, dental, and vision insurance
• Disability coverage: Short-term and long-term disability
• Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
• Additional life coverage options: Supplemental life insurance for employees, spouses, and children
• Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
• Financial security: 401(k) Savings and Investment Plan with company matching
• Time off benefits: Flexible vacation policy
• Holidays: 8 paid holidays annually
• Sick leave
• Parental support: Paid parental leave
• Employee Assistance Program (EAP) and Care Counselors
• Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
• Health Savings Account (HSA) with employer contribution