Vulnerability Management Analyst / Security Analyst

Job summary

Houston

Work model

Fully remote
Only United States
5 days ago
Job description

Location: Remote


Position Overview

We are seeking an experienced Vulnerability Management Analyst to support enterprise security operations by managing vulnerability identification, prioritization, remediation tracking, and reporting. The ideal candidate will have a strong background in vulnerability lifecycle management, risk assessment, and alignment with industry standards such as National Institute of Standards and Technology (NIST).


Key Responsibilities

Vulnerability Inventory & Baseline Establishment

  • Review existing vulnerability data from scans, assessments, and security tools
  • Establish and maintain a consolidated vulnerability baseline
  • Develop and document remediation timelines based on risk posture and aging

Risk Classification & Prioritization

  • Categorize and prioritize vulnerabilities based on severity, exploitability, and business impact
  • Align classification and prioritization with NIST guidelines
  • Ensure remediation timelines align with defined risk-based SLAs

Remediation Coordination & Communication

  • Coordinate remediation efforts with system, server, and application owners
  • Communicate risk context, expectations, and remediation deadlines clearly
  • Track remediation progress and identify blockers or dependencies
  • Escalate overdue or high-risk vulnerabilities to appropriate governance channels

Tracking, Metrics & Reporting

  • Maintain accurate tracking of vulnerability remediation status
  • Produce periodic reports summarizing vulnerability posture, remediation progress, and risk exposure

Validation & Closure

  • Validate remediation through scan results and supporting evidence
  • Confirm closure of vulnerabilities in tracking systems
  • Ensure proper documentation of risk acceptance or exceptions when remediation is not feasible

Program Improvement

  • Identify process gaps and control weaknesses in vulnerability management
  • Recommend improvements aligned with NIST standards and organizational policies

Required Qualifications

  • 8 years of experience in vulnerability management and security operations
  • Proven experience in:
    • Vulnerability inventory and baseline establishment
    • Risk classification and prioritization
    • Tracking and managing vulnerability remediation
    • Producing security and status reports
    • Validating remediation using scan results and evidence
  • Strong understanding of vulnerability management tools and frameworks
  • Experience aligning processes with NIST standards and guidelines
  • Excellent analytical, communication, and coordination skills

Preferred Qualifications

  • Experience working in enterprise or government environments
  • Familiarity with tools such as vulnerability scanners (e.g., Qualys, Nessus, Rapid7)
  • Knowledge of security frameworks and compliance standards
  • Relevant cybersecurity certifications (e.g., Security+, CISSP, CEH)

Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. Send in your resume along with your LinkedIn profile, without which applications will not be considered. Visa sponsorship is available for this position.