Vulnerability Analyst in United States at Jobgether

Job Function: Information Technology
Jobgether
United States, United States

Job Description

Vulnerability Analyst

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Vulnerability Analyst in United States.

This role sits at the core of enterprise cybersecurity operations, ensuring that vulnerabilities are continuously identified, assessed, and remediated across complex, cloud-based environments. The position combines hands-on technical vulnerability management with compliance-driven security monitoring for highly regulated frameworks such as FedRAMP, PCI, and HITRUST. You will work closely with engineering, cloud, and DevSecOps teams to embed security into CI/CD pipelines and modern infrastructure. The role also involves translating technical findings into clear, risk-based insights for clients and federal stakeholders. Operating in a fast-paced consulting environment, you will support continuous monitoring programs, audit readiness, and authorization activities. This is a highly collaborative position with direct impact on maintaining secure and compliant systems for enterprise and government clients.

Accountabilities

In this role, you will manage end-to-end vulnerability operations and compliance-aligned security monitoring across cloud and enterprise environments:

  • Manage the full POA&M lifecycle, including tracking, updates, risk justification, and coordination with assessors and stakeholders.
  • Conduct vulnerability scanning across systems, applications, databases, networks, and cloud environments, ensuring timely remediation tracking.
  • Analyze scan results, identify false positives, and prepare risk-based deviation documentation and supporting assessments.
  • Maintain security control evidence, system inventories, and authorization boundary documentation for compliance reporting and audits.
  • Support continuous monitoring activities aligned with frameworks such as FedRAMP, HITRUST, PCI, and NIST 800-53.
  • Collaborate with engineering, SRE, and DevSecOps teams to integrate vulnerability management into CI/CD pipelines and cloud platforms.
  • Produce monthly reports, client updates, and executive briefings translating technical vulnerabilities into actionable risk insights.

Requirements

This role requires strong technical security expertise, hands-on vulnerability management experience, and familiarity with regulated cloud environments:

  • 3–5 years of experience in vulnerability management, security operations, or compliance-focused cybersecurity roles.
  • Hands-on experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Wiz, or similar platforms.
  • Experience working within cloud environments such as AWS, Azure, or GCP, including security controls and attack surface analysis.
  • Familiarity with compliance frameworks including FedRAMP, HITRUST, PCI, or NIST 800-53.
  • Strong understanding of vulnerability scoring models (e.g., CVSS) and risk prioritization methodologies.
  • Ability to distinguish false positives and produce risk-based remediation or deviation justifications.
  • Strong communication skills with experience presenting technical findings to clients and stakeholders.
  • Proficiency in scripting (Python, PowerShell, or Bash) for automation and reporting is a plus.

Benefits

  • Competitive salary range of $78,000–$135,000 annually (based on experience and location)
  • Performance-based incentive and recognition programs
  • Flexible work arrangements (remote or hybrid options depending on role requirements)
  • Comprehensive health, dental, vision, and insurance coverage
  • Paid parental leave and family support benefits
  • Flexible time off policy
  • Certification, training, and professional development reimbursement
  • Mental health and wellbeing support resources
  • Opportunities to participate in employee communities and engagement programs

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.