Vulnerability Analyst

Jobgether · US

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Vulnerability Analyst in the United States.

This role sits at the core of enterprise cybersecurity operations, ensuring that vulnerabilities are continuously identified, assessed, and remediated across complex, cloud-based environments. The position combines hands-on technical vulnerability management with compliance-driven security monitoring for highly regulated frameworks such as FedRAMP, PCI, and HITRUST. You will work closely with engineering, cloud, and DevSecOps teams to embed security into CI/CD pipelines and modern infrastructure. The role also involves translating technical findings into clear, risk-based insights for clients and federal stakeholders. Operating in a fast-paced consulting environment, you will support continuous monitoring programs, audit readiness, and authorization activities. This is a highly collaborative position with direct impact on maintaining secure and compliant systems for enterprise and government clients.

Accountabilities

In this role, you will manage end-to-end vulnerability operations and compliance-aligned security monitoring across cloud and enterprise environments:

  • Manage the full POA&M lifecycle, including tracking, updates, risk justification, and coordination with assessors and stakeholders.
  • Conduct vulnerability scanning across systems, applications, databases, networks, and cloud environments, ensuring timely remediation tracking.
  • Analyze scan results, identify false positives, and prepare risk-based deviation documentation and supporting assessments.
  • Maintain security control evidence, system inventories, and authorization boundary documentation for compliance reporting and audits.
  • Support continuous monitoring activities aligned with frameworks such as FedRAMP, HITRUST, PCI, and NIST 800-53.
  • Collaborate with engineering, SRE, and DevSecOps teams to integrate vulnerability management into CI/CD pipelines and cloud platforms.
  • Produce monthly reports, client updates, and executive briefings translating technical vulnerabilities into actionable risk insights.
Requirements

This role requires strong technical security expertise, hands-on vulnerability management experience, and familiarity with regulated cloud environments:

  • 3–5 years of experience in vulnerability management, security operations, or compliance-focused cybersecurity roles.
  • Hands-on experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Wiz, or similar platforms.
  • Experience working within cloud environments such as AWS, Azure, or GCP, including security controls and attack surface analysis.
  • Familiarity with compliance frameworks including FedRAMP, HITRUST, PCI, or NIST 800-53.
  • Strong understanding of vulnerability scoring models (e.g., CVSS) and risk prioritization methodologies.
  • Ability to distinguish false positives and produce risk-based remediation or deviation justifications.
  • Strong communication skills with experience presenting technical findings to clients and stakeholders.
  • Proficiency in scripting (Python, PowerShell, or Bash) for automation and reporting is a plus.

Benefits

  • Competitive salary range of $78,000–$135,000 annually (based on experience and location)
  • Performance-based incentive and recognition programs
  • Flexible work arrangements (remote or hybrid options depending on role requirements)
  • Comprehensive health, dental, vision, and insurance coverage
  • Paid parental leave and family support benefits
  • Flexible time off policy
  • Certification, training, and professional development reimbursement
  • Mental health and wellbeing support resources
  • Opportunities to participate in employee communities and engagement programs