CrawlJobs Logo

Senior Vulnerability Management Analyst (Risk, Remediation, Reporting)

United States, Austin · Job Posted May 04, 2026
Apply Position
Job Link Share

Job Description

We are seeking an experienced Senior Vulnerability Management Analyst to lead vulnerability tracking, risk prioritization, and remediation validation across enterprise environments. The ideal candidate will have strong expertise in vulnerability lifecycle management, risk assessment, and reporting, ensuring timely resolution of security risks and compliance with organizational standards.

Job Responsibility

  • Establish and maintain vulnerability inventory and baseline across systems and applications
  • perform risk classification and prioritization of identified vulnerabilities
  • track and manage vulnerability remediation efforts across teams
  • validate remediation actions using scan results and supporting evidence
  • generate and deliver status reports, dashboards, and metrics for stakeholders
  • collaborate with IT, security, and application teams to ensure timely resolution
  • monitor compliance with security policies and remediation SLAs
  • identify trends and provide recommendations to improve security posture
  • support audits and ensure proper documentation of vulnerability management processes

Requirements

  • 8+ years of experience in vulnerability management or cybersecurity
  • strong experience with vulnerability inventory, tracking, and remediation processes
  • expertise in risk classification and prioritization methodologies
  • experience validating remediation using vulnerability scan tools and reports
  • strong reporting and documentation skills
  • ability to work independently and manage multiple priorities

Nice to have

  • Experience with enterprise vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7)
  • knowledge of security frameworks (NIST, ISO 27001, CIS)
  • experience working in large-scale enterprise environments
  • relevant certifications (e.g., CISSP, CEH, Security+)

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Vulnerability Management Analyst (Risk, Remediation, Reporting)

8 matching positions

Vulnerability Management Senior Cyber Security Analyst

Location (Primary) - Noida / Chennai (Secondary) GCF Level - 2A(01 nos) & 2B(01 ...
Location
Location
India , Noida
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must hands on experience with detection and monitoring tools (Microsoft Defender for Endpoint EDR/XDR, WIZ, NESSUS PRO, Dynatrace)
  • Experience information system management and mapping tools (CMDB, VISIT)
  • Good knowledge of software distribution tools (SCCM, Intune, Satellite, Ansible, etc.), and reporting and analysis tools (PowerBI)
  • Experience with ServiceNow (SNOW), specifically the SECOPS module
  • Strong understanding of - On-prem infrastructure, SaaS / IaaS / Cloud workloads, Application vulnerability context
  • Ability to enrich findings using CMDB / asset mapping tools
  • Working knowledge of - SCCM, Intune, Ansible, Satellite
  • Stakeholder & Coordination Skills
  • Documentation & Effective Communication - Clear communication (EN/FR preferred) with structured documentation mindset
  • Process & Continuous Improvement Mindset
Job Responsibility
Job Responsibility
  • Oversee the receipt, analysis, and tracking of vulnerabilities from various sources (CERT, scanning tools, division reports)
  • manage backlog processing, and create or update vulnerability tickets using multiple detection and asset management tools
  • Assess and identify impacted assets across various environments
  • Qualify vulnerabilities by evaluating exposure, versions, severity, attack vectors, and client context
  • Enhance asset information using CMDB, and promptly issue alerts for critical vulnerabilities
  • Develop, implement, and coordinate remediation plans by analyzing security advisories and scan reports
  • Defining tailored action strategies (including patches, workarounds, and updates)
  • Prioritizing tasks, tracking requests in ServiceNow
  • Sending criticality-based reminders, and supporting remediation teams
  • Monitor and validate patch application by ensuring timely verification
  • Fulltime
Read More
Arrow Right

InfoSec Risk Senior Analyst / Analyst

Location
Location
Salary
Salary:
Not provided
ethicshr.com Logo
Ethics HR
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree in Computer Science or Electronics & Communication Engineering or a related field from a reputable university
  • Minimum 4 years of experience for the Senior Analyst and 2 years of experience for the Analyst in the banking sector and information security field, including the following background: Risk assessment, identification and mitigation
  • Security controls, security baseline, technology best practices
  • Has an integration knowledge across different security technologies and systems
  • Security control enforcement, measure of effectiveness and proposing compensating controls
  • CBE regulations
Job Responsibility
Job Responsibility
  • Review & maintain the Risk profile according to the bank's Cyber Security Risk appetite
  • Identify information security controls necessary to remediate identified risks and follow up remediation with the concerned business lines
  • Assess information security risks for IT assets and propose appropriate measures to eliminate/reduce risk
  • Coordinate with Information Security teams to manage the risk assessment activities
  • Engage InfoSec Teams in all new initiatives and projects to handle InfoSec risk assessment for new projects/technologies with concerned stakeholders
  • Follow up on Audit reports along with audit Findings/Recommendations by Internal Audit/External Audit, CBE and ensure remediation with the related parties
  • Ensure maintaining Global InfoSec Risk Register for all assessed IT assets & follow up on open risks until closure
  • Review the cases performed by the InfoSec Governance & Compliance Teams from risk perspective side
  • Participate in the Change Advisory Board (CAB) meeting
  • Work on standard and ad-hoc threats providing InfoSec risk assessment as needed
Read More
Arrow Right

Security Testing Senior Analyst (Purple Team)

Reporting to the Attack Surface Reduction Senior Manager, the Security Testing S...
Location
Location
Ireland , Cork; Dublin
Salary
Salary:
Not provided
alterdomus.com Logo
Alter Domus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, or equivalent experience
  • Minimum of 3+ years in offensive security, penetration testing, vulnerability management, security threat assessment, or related roles
  • Experience in scoping and planning technical security assessments (red team, penetration testing, adversarial simulations, or similar)
  • Strong understanding of offensive security principles, common attack vectors, and the general testing lifecycle
  • Demonstrated experience in remediation tracking, stakeholder coordination, and cross-functional communication
  • Ability to translate complex technical findings into clear business risk and actionable remediation plans
  • Familiarity with frameworks such as MITRE ATT&CK, OWASP Top 10, NIST, CIS, and ISO security standards
  • Strong organizational skills, with proven ability to manage multiple concurrent engagements
  • Excellent communication, presentation, and relationship-building skills
  • Relevant certifications such as Security+, CySA+, GSEC, OSCP, CRTO, or similar are a plus
Job Responsibility
Job Responsibility
  • Lead the scoping and definition of red-team and adversarial simulation engagements, including determining goals, targets, timelines, and rules of engagement
  • Coordinate with business units, IT teams, and leadership to gather requirements, understand operational constraints, and ensure testing activities align with business risk
  • Develop structured engagement plans, including resource planning, attack paths, testing schedules, and expected deliverables
  • Serve as the primary point of contact throughout the engagement lifecycle
  • Track remediation activities, ensuring findings are clearly documented, assigned to responsible teams, monitored to completion, and remediated within defined SLAs
  • Host recurring remediation review sessions with stakeholders to validate progress and support their efforts in resolving identified weaknesses
  • Maintain a detailed engagement tracker for planning, scheduling, resource allocation, remediation status, and operational metrics
  • Support and occasionally lead technical testing activities where required
  • Prepare and deliver reports, dashboards, and executive summaries that clearly communicate risk, findings, remediation status, and testing outcomes
  • Partner with security operations, detection engineering, and infrastructure teams to ensure lessons learned are integrated into continuous improvement efforts
What we offer
What we offer
  • Support for professional accreditations such as ACCA and study leave
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Fulltime
Read More
Arrow Right

Senior Analyst, Cybersecurity Compliance

The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & ...
Location
Location
United States , Austin, Texas; Warren, Michigan
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field
  • Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization
  • Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO)
  • Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI‑DSS, GDPR, CCPA, export regulations, records/retention requirements)
  • Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations
  • Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting
  • Excellent communication, presentation, and interpersonal skills
  • able to translate technical compliance topics into concise, executive‑ready messages
  • Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment
Job Responsibility
Job Responsibility
  • Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF)
  • Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains
  • Analyze and prioritize identified issues based on compliance impact and likelihood
  • recommend risk treatment strategies and control enhancements
  • Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set
  • Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements
  • Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories
  • Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness
  • Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations
  • Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments
  • Fulltime
Read More
Arrow Right

Applications Development Senior Programmer Analyst

Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-10 years of relevant experience
  • Ability to work under pressure and manage deadlines or unexpected changes in expectations or requirements
  • Strong hands‑on experience with Java, Spring, Spring Boot, JPA/Hibernate
  • Expertise in building microservices, REST APIs, Swagger/OpenAPI, and SOAP integrations
  • Experience designing & implementing event‑driven systems (Kafka, RabbitMQ)
  • Solid understanding of RDBMS (SQL, PL/SQL) + familiarity with NoSQL databases
  • Experience with caching (Redis)
  • Strong knowledge of OAuth2, token‑based security, and API security best practices
  • Prior experience with WebSphere, JSP/Servlets, EJB, and application modernization (migration to modern Java/Spring microservices)
  • Hands-on work experience with advanced AI software engineering tools like Devin.AI or similar autonomous AI software agents
Job Responsibility
Job Responsibility
  • Conduct tasks related to feasibility studies, time and cost estimates, IT planning, risk technology, applications development, model development, and establish and implement new or revised applications systems and programs to meet specific business needs or user areas
  • Participate in the development process including analysis, design, construction, testing, and implementation as well as provide user and operational support on applications to business users
  • Work closely with other technical and business teams across multiple locations to respond to technical enquiries, gather requirements and deliver technical solutions
  • Implement well-tested and fully maintainable software, involving both new and existing components as required
  • Review and analyze code using tools to improve the quality of code and highlight vulnerabilities early in the software development lifecycle
  • Write unit and integration tests for all code, ensuring it is tested to a high standard
  • Apply a security-by-design approach to development, using recommended controls and techniques to secure software, and remediate vulnerabilities where identified
  • Utilize in-depth specialty knowledge of applications development to analyze complex problems/issues, provide evaluation of business process, system process, and industry standards, and make evaluative judgement
  • Recommend and develop security measures in post implementation analysis of business usage to ensure successful system design and functionality
  • Consult with users/clients and other technology groups on issues, recommend advanced programming solutions, and install and assist customer exposure systems
  • Fulltime
Read More
Arrow Right

Applications Development Senior Programmer Analyst

The Applications Development Technology Sr Programmer Analyst role is a Senior p...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-10 years of relevant experience
  • Ability to work under pressure and manage deadlines or unexpected changes in expectations or requirements
  • Strong hands‑on experience with Java, Spring, Spring Boot, JPA/Hibernate
  • Expertise in building microservices, REST APIs, Swagger/OpenAPI, and SOAP integrations
  • Experience designing & implementing event‑driven systems (Kafka, RabbitMQ)
  • Solid understanding of RDBMS (SQL, PL/SQL) + familiarity with NoSQL databases
  • Experience with caching (Redis)
  • Strong knowledge of OAuth2, token‑based security, and API security best practices
  • Prior experience with WebSphere, JSP/Servlets, EJB, and application modernization (migration to modern Java/Spring microservices)
  • Hands-on work experience with advanced AI software engineering tools like Devin.AI or similar autonomous AI software agents
Job Responsibility
Job Responsibility
  • Conduct tasks related to feasibility studies, time and cost estimates, IT planning, risk technology, applications development, model development, and establish and implement new or revised applications systems and programs to meet specific business needs or user areas
  • Participate in the development process including analysis, design, construction, testing, and implementation as well as provide user and operational support on applications to business users
  • Work closely with other technical and business teams across multiple locations to respond to technical enquiries, gather requirements and deliver technical solutions
  • Implement well-tested and fully maintainable software, involving both new and existing components as required
  • Review and analyze code using tools to improve the quality of code and highlight vulnerabilities early in the software development lifecycle
  • Write unit and integration tests for all code, ensuring it is tested to a high standard
  • Apply a security-by-design approach to development, using recommended controls and techniques to secure software, and remediate vulnerabilities where identified
  • Utilize in-depth specialty knowledge of applications development to analyze complex problems/issues, provide evaluation of business process, system process, and industry standards, and make evaluative judgement
  • Recommend and develop security measures in post implementation analysis of business usage to ensure successful system design and functionality
  • Consult with users/clients and other technology groups on issues, recommend advanced programming solutions, and install and assist customer exposure systems
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst – CMMC & DoD Compliance

The Cybersecurity Analyst will help lead the CMMC compliance efforts to enable p...
Location
Location
United States , Austin, Texas; Warren, Michigan
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience
  • 5+ years of cybersecurity experience in regulated or government‑contract environments
  • Experience supporting federally regulated cybersecurity requirements
  • Experience preparing for third‑party or government assessments
  • Ability to translate and communicate DoD cybersecurity requirements for application teams
  • Knowledge in the following areas: Identity & Access Management (IAM): RBAC, least privilege, privileged access workflows, MFA, service accounts, access reviews, joiner/mover/leaver processes
  • Windows & Linux security: GPO/Intune or equivalent, local admin controls, secure baselines (e.g., CIS-aligned), logging configuration, patch management, hardening validation
  • Network security: segmentation concepts, firewall rulesets, VPN/ZTNA, secure remote administration, network device logging, NAC fundamentals, DNS security basics
  • Endpoint security: EDR capabilities, alert triage/validation, policy enforcement, device encryption, removable media controls
  • Vulnerability management: scan coverage, risk-based prioritization, remediation workflows, exception handling, validation reporting
Job Responsibility
Job Responsibility
  • Drive the overall governance for government programs
  • Execute annual self-assessments (Continuous Monitoring) on CMMC/NIST controls and document findings
  • Coordinate internal teams (IAM, cloud, infrastructure, SOC, endpoint, vulnerability management, application owners) to validate control implementation and operational effectiveness
  • Identify compliance gaps, manage security exceptions (POA&Ms), and drive remediation prior to audit or customer assessments
  • Lead CMMC readiness and sustainment activities for GM Defense programs, aligned to NIST SP 800‑171 and DoD expectations for CUI protection
  • Build and maintain assessment‑ready evidence packages (policies, procedures, configurations, logs, tickets, reports) aligned to CMMC and DFARS requirements
What we offer
What we offer
  • This job may be eligible for relocation benefits
  • Fulltime
Read More
Arrow Right

It Business Systems Analyst-Level 3 - Senior

This role is designed for someone who enjoys working at the intersection of peop...
Location
Location
United States , Houston
Salary
Salary:
58.00 - 60.00 USD / Hour
lorienglobal.com Logo
Lorien
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in one or more of the following: OT, ICS, or industrial environments
  • Gas, energy, utilities, or critical infrastructure operations
  • Experience in IT infrastructure, networking, or systems administration
  • Cybersecurity, risk management, or vulnerability management
  • Strong ability to analyze complex problems and communicate clearly
  • Comfort working across technical and non-technical audiences
  • Curiosity, learning mindset, and willingness to ask 'why'
  • Self-starter with little to no guidance to work with various teams
  • Ability to create reports, metrics and analyses that convey the message succinctly and accurately
  • Education: Bachelor's degree in a related field (such as Computer Science, Information Systems, or Business Administration) required
Job Responsibility
Job Responsibility
  • Establishes and manages effective customer relationships with users of business, financial, and operations systems, as well as technical team members
  • Uses knowledge of business processes to identify interdependencies and functional gaps, ensuring alignment with IT and business strategies
  • Acts as a lead in the application testing process, documentation updates, and process improvement initiatives
  • Act as a trusted partner to the various business
  • Translate cybersecurity risks (e.g., vulnerabilities, OT exposures) into business-relevant impact and options
  • Support decision-making by framing risk, tradeoffs, and remediation paths, not just control gaps
  • Assist with security reviews for OT environments, and hybrid IT/OT architectures
  • Partner with engineering and operations teams to understand how systems are actually used, not just how they're designed
What we offer
What we offer
  • Health
  • Dental
  • Vision
Read More
Arrow Right