CrawlJobs Logo

Vulnerability Management Analyst

Workday

Location Icon

Location:
United States , Reston

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Employment contract

Salary Icon

Salary:

106200.00 - 188800.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

The GRC team is seeking a Vulnerability Management Analyst who will work with system owners and engineering teams to remediate issues. The role requires strong organization and interpersonal skills, and the technical ability to understand, interpret and prioritize findings from commercial scan tools. The role also requires contributing to the Planning of Actions and Milestones (POAMs) and communicating status to the leadership team.

Job Responsibility:

  • Analyze and organize scan results and prioritize vulnerabilities for remediation based on risk requirements
  • Establish strong relationships with engineering teams to track and report status and remediation timelines
  • Contribute to the Planning of Actions and Milestones (POAMs)
  • Support Continuous Monitoring (ConMon) and participate in audit activities related to vulnerability management
  • Report status to leadership teams.

Requirements:

  • Outstanding communication and organization skills
  • Self-driven, motivated professional with experience working with multiple stakeholders
  • Strong ability to understand and interpret results from commercial scanning tools and provide related guidance for remediation
  • Strong ability to manage complex datasets in spreadsheets
  • Previous experience in managing POAMs for FedRAMP authorized environments
  • Working knowledge of security standards like FedRAMP, DoD IL-4/5, NIST 800-171, NIST 800-53 and the Risk Management Framework (RMF)
  • Experience in cloud computing, preferably with a major hyperscaler like AWS, Google, etc.
  • Proficiency in using tools like Jira for managing tickets and tasks.

Nice to have:

  • Relevant industry certifications (e.g., Security+, CEH, CISSP)
  • Previous experience as an assessor, Information Systems Security Engineer (ISSE) with a 3PAO or Cloud Services Provider (CSP)
  • Previous experience with US Federal Government defense or civilian agencies
  • Ability to write simple scripts (e.g. Python) to improve productivity.
What we offer:
  • Bonus Plan or role-specific commission/bonus
  • annual refresh stock grants
  • comprehensive benefits

Additional Information:

Job Posted:
May 04, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Workday - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Vulnerability Management Analyst

Security Incident Management Analyst

The Security Incident Management Analyst is an intermediate level position respo...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant professional certifications issued by GIAC, AWS, etc., preferably GCCC, GCIH, CEH, ECSA
  • General Industry knowledge of reporting obligations pertaining to local and national laws and regulatory bodies such as OCC, SEC, ECB, MAS
  • Working knowledge of common security models (Defense-in-Depth) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
  • Working knowledge of VERIS taxonomy
  • Working knowledge of OSI model
  • Working knowledge of security and/or incident response in cloud environments
  • Working knowledge of software development best practices, including agile methods
  • Familiar with Atlassian tools
  • Previous experience working in highly regulated environment
  • Previous experience in a fusion center and/or exposure to large scale incident response
Job Responsibility
Job Responsibility
  • Work as part of a best in class ‘follow the sun’ security incident response team
  • Lead and manage incident response activities to ensure that requisite triage, containment, and eradication are completed within targeted timeframes
  • Ensure that the security incident record is complete, accurate and fit for purpose
  • Collect and analyze evidence including investigative findings and prepare to coordinate with internal and external compliance and audit personnel
  • Execute incident response meetings and communicate complex security topics
  • exhibit good judgment and discretion when initiating escalations to all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed by appropriate selection
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing information security standards to align procedures and practices in pursuit of compliance with Citigroup standards
  • Validate compliance with information security policies, practices, and procedures, and resolve a variety of information security related issues in coordination with the relevant business(es)
  • Fulltime
Read More
Arrow Right

Vulnerability Assessments Analyst - Red Team Dev Sec Ops

The Red Team DevOps Analyst - Red Team, AVP will design, manage, and support Red...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4+ years’ experience or equivalent knowledge and exposure are required with most of the following: Understanding and able to deploy and orchestrate virtualized systems
  • Understanding and ability to apply secure network design concepts, systems hardening, and RBAC/AAA
  • Familiarity with common network and host security and logging platforms and products such as firewalls, VPNs, EDRs, SIEMs
  • Familiarity with logging, log forwarding, and resource monitoring of deployed services and infrastructure
  • Familiarity with CI/CD concepts and how it can be applied with Infrastructure as Code
  • Understanding and ability to develop automation and maintain scripts such as terraform, ansible, chef/puppet to deploy and management systems at scale
  • Hands on experience and functional experience in deploying common C2 frameworks such as Sliver, and Mythic
  • Bachelor’s degree/University degree or equivalent experience
  • Industry-accredited security certifications highly preferred but not required
Job Responsibility
Job Responsibility
  • Support existing Red Team lab infrastructure, and build out new requirements to align with exercise requirements
  • Ensuring effective design, safe and secure deployment, continued patching and assurance of these systems from cradle to grave
  • Manage keys, and user access to systems within the lab
  • Manage logging and auditing of user access to infrastructure and tooling within the lab
  • Manage risk appropriately for mission critical, and sensitive systems
  • Develop and maintain automation scripts for rapid deployment, configuration management, and gold images
  • Demonstrate consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Fulltime
Read More
Arrow Right

Cyber Defense Analyst

The cyber defense analyst for Services within the Business, Functions and Techno...
Location
Location
Mexico , Ciudad De Mexico
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model
  • Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting
  • Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
  • Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
  • Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes)
  • Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities
  • Conduct security reviews to check for security compliance to Bank’s requirements
  • Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances
  • Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes
  • Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause
Job Responsibility
Job Responsibility
  • Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model
  • Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting
  • Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
  • Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
  • Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes)
  • Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities
  • Conduct security reviews to check for security compliance to Bank’s requirements
  • Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances
  • Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes
  • Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause
  • Fulltime
Read More
Arrow Right

Purple Team Analyst

We are looking for a dedicated professional to join our Purple Team. This resour...
Location
Location
Portugal , Lisbon
Salary
Salary:
Not provided
https://www.inetum.com Logo
Inetum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • + 5 years of experience in the cybersecurity field or experience in a Purple Team
  • Solid experience in Vulnerability Management and Analysis
  • Experience in Integration and/or Testing of cybersecurity requirements at the hardware, software, and systems level
  • Experience using and configuring security tools (e.g., Qradar, Crowdstrike, etc.) and security protocols are essential
  • Experience with MS SharePoint
  • Demonstrated ability to work in an integrated team environment
  • Excellent problem-solving and communication skills
  • Good level of English
Job Responsibility
Job Responsibility
  • Vulnerability Management and Analysis
  • Creation of Remediation Plans
  • Advising and Prioritizing Gaps
  • Focus on Reducing Risk for Our Clients' Business
  • Fulltime
Read More
Arrow Right

Non-Financial Risk analyst with focus on Project Risk Management

The Non-Financial Risk Analyst, based in Barcelona, is responsible for developin...
Location
Location
Spain , Barcelona
Salary
Salary:
Not provided
https://www.allianz.com Logo
Allianz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s / master’s degree in economics, finance, business administration or a similar discipline
  • Strong analytical skills (and an eye for detail) to think critically, assess situations, and analyze and detect prospective risks and vulnerabilities
  • Strong communication & interpersonal skills: excellent interpersonal abilities to build productive, trusting relationships with other IT and business stakeholders
  • Problem-Solving Skills
  • Experience in working in an international environment
  • Understanding of key risk management principle
  • 3-5 years of experience, of which at least 1 year in Program/ project management
  • Additional experience in operational risk is a plus
Job Responsibility
Job Responsibility
  • Develop Project Risk Management framework (PRM) incl. risk strategy, policy and functional rules
  • Review 1 LoD-owned Project Risk Management related Corporate Rules book
  • Support the review of 1 LoD Project Risk Assessment
  • Maintain PRM related frameworks (incl. risk taxonomy, risk assessment methodology, Risk assessment template)
  • Work closely with 1LoD teams on strategic projects
  • Prepare SvB, BoM, GFRC reporting presentations
  • Act as main point of contact (PoC) in Spain for OEs risk functions concerning PRM
  • Assist with administrative activities such as reporting, documentation maintenance, and the preparation of training materials
What we offer
What we offer
  • Hybrid work model incl. up to 25 days per year working from abroad
  • Company bonus scheme
  • Pension
  • Employee shares program
  • Multiple employee discounts
  • Career development and digital learning programs
  • International career mobility
  • Flexible working
  • Health and wellbeing offers (including healthcare and parental leave benefits)
  • Fulltime
Read More
Arrow Right

Senior Cyber Security Analyst

In the Bosch Cyber Security Organization, we coordinate the vulnerability manage...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
https://www.bosch.pl/ Logo
Robert Bosch Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Completed university degree (Master/Diploma/PhD) in Information Security, Computer Science, Software Development, Electrical Engineering, Mathematics, or comparable field
  • Team player familiar with cooperation and delegation
  • Versatile and communicative individual who enjoys preparing and sharing information tailored to target audience
  • Strong technical background in security and several years of professional experience in multiple fields: IT Security, Cloud Security, Embedded Security, Industrial Control Systems (ICS), Industrial IoT (IIoT), Consumer IoT, Software Security and Security Research, Vulnerability Management process design and execution
  • Ideally basic knowledge in operational management of CSIRT, CERT, or Product-CERT
  • Love challenges while defining and implementing processes in new, effective, and user-oriented manner
  • Very good English written and spoken
  • German would be an important asset
Job Responsibility
Job Responsibility
  • Investigate and assess vulnerabilities within operational environment
  • Provide basis for prioritizing vulnerability remediation follow-up
  • Work closely with development and operations teams in Poland and tracking teams in India
  • Support further development of Enterprise Security Advisory Services
  • Track risks through vulnerabilities
  • Continuously identify process improvements for enhanced tool support
  • Coordinate implementation of improvements with international teams
  • Actively work as team to network with external stakeholders
What we offer
What we offer
  • Competitive salary + annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Professional support and knowledge sharing
  • Ongoing development opportunities in multinational environment
  • Broad access to professional trainings including language courses, conferences and webinars
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits including MultiSport, shopping vouchers, cinema tickets
  • Prepaid Lunch Card
  • Fulltime
Read More
Arrow Right

Senior Cyber Security Analyst

In the Bosch Cyber Security Organization, we coordinate the vulnerability manage...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
https://www.bosch.pl/ Logo
Robert Bosch Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Completed university degree (Master/Diploma/PhD) in Information Security, Computer Science, Software Development, Electrical Engineering, Mathematics, or a comparable field of study
  • Team player who is familiar with both cooperation and delegation
  • Versatile and communicative individual who enjoys preparing and sharing information tailored to the target audience
  • Strong technical background in security and several years of professional experience in multiple of the following fields: IT Security, Cloud Security, Embedded Security, Industrial Control Systems (ICS), Industrial IoT (IIoT), Consumer IoT, Software Security and Security Research, Vulnerability Management process design and execution
  • ideally basic knowledge in the operational management of a CSIRT, CERT, or Product-CERT
  • Love challenges, while defining and implementing processes in a new, effective, and user-oriented manner
  • Very good English, written and spoken
  • German would be an important asset
Job Responsibility
Job Responsibility
  • Investigate and assess vulnerabilities within their operational environment, providing the basis for prioritizing the follow-up of vulnerability remediation
  • Work closely with development and operations teams in Poland, as well as tracking teams in India, supporting the further development of our Enterprise Security Advisory Services and the tracking of risks through vulnerabilities
  • Continuously identify process improvements for enhanced tool support and coordinate their implementation with the respective international teams
  • Actively work as a team to network with external stakeholders
What we offer
What we offer
  • Competitive salary + annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
  • Prepaid Lunch Card
  • Number of benefits for families (for instance summer camps for kids)
  • Non-working day on the 31st of December
  • Fulltime
Read More
Arrow Right

Managed Cloud Detection and Response Analyst

Wiz is looking for a Managed Cloud Detection and Response Analyst to join our ne...
Location
Location
Israel , Tel Aviv
Salary
Salary:
Not provided
wiz.io Logo
Wiz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of experience in a Security Operations Center or Managed Detection and Response, specifically involving cloud environments
  • Solid knowledge in Cloud Security, with familiarity in cloud services, Kubernetes, cloud architecture, and major providers (AWS, GCP, Azure)
  • Strong analytical skills with a detail-oriented mindset, capable of assessing complex security incidents, separating false positives from true compromise, and providing actionable insights
  • Passion for continuous learning and improvement, staying up-to-date on the latest trends, threats, and best practices in cloud security
  • Excellent communication skills verbal and written both in Hebrew and English
Job Responsibility
Job Responsibility
  • Continuously monitor customers’ cloud environments and workloads for security alerts and analyze potential cyber threats to identify and prioritize cyber security incidents
  • Triage prioritized cyber incidents and coordinate appropriate response actions to mitigate risks effectively
  • Work closely with customer teams to guide and assist with investigation and remediation of incidents
  • Create and deliver incident reports that document findings and response actions taken for customers
  • Write and implement custom detection rules and fine-tune alerts to enhance threat detection capabilities for the customer’s specific cloud environment
  • Develop and maintain cyber incident response playbooks to standardize procedures and enhance the internal methodology of the team
  • Stay up to date with the latest threats, vulnerabilities, and trends in cloud security to update response strategies and improve detection methods
Read More
Arrow Right