Vulnerability Analyst

Jobgether · Remote (US) · June 6, 2026
Remote
Full-time
Vulnerability Management
Mid · 3–5 yrs

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Vulnerability Analyst in the United States.

This role sits at the core of enterprise cybersecurity operations, ensuring that vulnerabilities are continuously identified, assessed, and remediated across complex, cloud-based environments. The position combines hands-on technical vulnerability management with compliance-driven security monitoring for highly regulated frameworks such as FedRAMP, PCI, and HITRUST. You will work closely with engineering, cloud, and DevSecOps teams to embed security into CI/CD pipelines and modern infrastructure. The role also involves translating technical findings into clear, risk-based insights for clients and federal stakeholders. Operating in a fast-paced consulting environment, you will support continuous monitoring programs, audit readiness, and authorization activities. This is a highly collaborative position with direct impact on maintaining secure and compliant systems for enterprise and government clients.

Accountabilities

In this role, you will manage end-to-end vulnerability operations and compliance-aligned security monitoring across cloud and enterprise environments:

  • Manage the full POA&M lifecycle, including tracking, updates, risk justification, and coordination with assessors and stakeholders.
  • Conduct vulnerability scanning across systems, applications, databases, networks, and cloud environments, ensuring timely remediation tracking.
  • Analyze scan results, identify false positives, and prepare risk-based deviation documentation and supporting assessments.
  • Maintain security control evidence, system inventories, and authorization boundary documentation for compliance reporting and audits.
  • Support continuous monitoring activities aligned with frameworks such as FedRAMP, HITRUST, PCI, and NIST 800-53.
  • Collaborate with engineering, SRE, and DevSecOps teams to integrate vulnerability management into CI/CD pipelines and cloud platforms.
  • Produce monthly reports, client updates, and executive briefings translating technical vulnerabilities into actionable risk insights.

Requirements

This role requires strong technical security expertise, hands-on vulnerability management experience, and familiarity with regulated cloud environments:

  • 3–5 years of experience in vulnerability management, security operations, or compliance-focused cybersecurity roles.
  • Hands-on experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Wiz, or similar platforms.
  • Experience working within cloud environments such as AWS, Azure, or GCP, including security controls and attack surface analysis.
  • Familiarity with compliance frameworks including FedRAMP, HITRUST, PCI, or NIST 800-53.
  • Strong understanding of vulnerability scoring models (e.g., CVSS) and risk prioritization methodologies.
  • Ability to distinguish false positives and produce risk-based remediation or deviation justifications.
  • Strong communication skills with experience presenting technical findings to clients and stakeholders.
  • Proficiency in scripting (Python, PowerShell, or Bash) for automation and reporting is a plus.

Benefits

  • Competitive salary range of $78,000–$135,000 annually (based on experience and location)
  • Performance-based incentive and recognition programs
  • Flexible work arrangements (remote or hybrid options depending on role requirements)
  • Comprehensive health, dental, vision, and insurance coverage
  • Paid parental leave and family support benefits
  • Flexible time off policy
  • Certification, training, and professional development reimbursement
  • Mental health and wellbeing support resources
  • Opportunities to participate in employee communities and engagement programs

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

Job Details

Salary

$78,000 – $135,000/yr (US)

Experience

Mid · 3–5 yrs

Tools & Tech

AWS
Azure
Bash
GCP
PowerShell
Python
Qualys
Rapid7
Tenable
Wiz