Cybersecurity Vulnerability Management Analyst

Location: 100% Remote (U.S.-based candidates only) Duration: May 2026 – August 2026 (Extension Possible) Schedule: Monday–Friday, 8:00 AM – 5:00 PM CST Hours: Up to ~560 hours

Overview

We are seeking an experienced Cybersecurity Vulnerability Management Analyst to support enterprise vulnerability management and remediation efforts in a large, complex environment.

This role is focused on end-to-end vulnerability lifecycle management—from baseline establishment and risk prioritization to remediation tracking, validation, and reporting. The ideal candidate will bring strong experience aligning processes with NIST standards, driving accountability across stakeholders, and ensuring timely closure of security risks.

Key Responsibilities

Vulnerability Inventory & Baseline

• Review existing vulnerability data from scans, assessments, and security tools
• Establish and maintain a consolidated vulnerability baseline
• Develop and document remediation timelines based on risk posture and aging

Risk Classification & Prioritization

• Categorize and prioritize vulnerabilities based on severity, exploitability, and business impact
• Align classification methodologies with NIST guidelines
• Ensure remediation timelines align with defined risk thresholds

Remediation Coordination

• Partner with system, infrastructure, and application owners to drive remediation efforts
• Communicate risk context, expectations, and timelines clearly to stakeholders

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Track remediation progress and identify blockers or dependencies
• Escalate critical or overdue vulnerabilities through appropriate governance channels

Tracking, Metrics & Reporting

• Maintain accurate tracking of vulnerability status across systems
• Produce regular reports on remediation progress, risk exposure, and trends
• Provide visibility into aging vulnerabilities and SLA compliance

Validation & Closure

• Validate remediation through scan results and supporting evidence
• Confirm closure in tracking systems once issues are resolved
• Ensure exceptions or risk acceptances are properly documented and approved

Program Improvement

• Identify gaps in vulnerability management processes
• Recommend improvements aligned with NIST standards and governance practices
• Support continuous improvement of remediation workflows and accountability

Required Qualifications

• 8+ years of experience in vulnerability management and remediation
• Strong experience with:
• Vulnerability inventory and baseline establishment
• Risk classification and prioritization frameworks
• Tracking and reporting remediation efforts
• Validation of remediation using scan results or evidence
• Hands-on experience with vulnerability scanning and management tools
• Strong understanding of NIST-based security frameworks
• Excellent communication and stakeholder coordination skills

Preferred Qualifications

• Experience in large enterprise or public sector environments
• Familiarity with governance, risk, and compliance (GRC) processes
• Strong analytical and reporting capabilities

Work Environment

• 100% remote within the United States
• Standard business hours with occasional off-hours support as needed
• No travel required unless pre-approved