Cybersecurity Analyst III
Vulnerability Management Program Leadership
Lead the enterprise vulnerability management lifecycle: asset discovery, continuous scanning, risk-based prioritization, remediation coordination, validation, and reporting.
Define and maintain SLA/remediation timelines by risk tier and manage escalation paths for items approaching or exceeding thresholds.
Partner with infrastructure, cloud, engineering, application, and endpoint teams to ensure vulnerability findings are clearly communicated, ownership is assigned, and remediation is completed on schedule.
Translate vulnerability data into business context: deliver clear reporting for technical teams and concise risk summaries for executive audiences that reflect progress, trends, and areas of focus.
Prioritize vulnerabilities using risk-based methodologies that incorporate CVSS scores, EPSS, CISA KEV, asset criticality, business impact, and active threat intelligence — not severity scores in isolation.
Maintain a formal risk acceptance and exception process, including documentation of business justification, compensating controls, and expiration timelines.
Integrate vulnerability findings into ticketing and ITSM workflows (e.g., ServiceNow, Jira) to ensure every finding has an assigned owner, a due date, and a tracked resolution path.
Develop and maintain program KPIs: vulnerability fix rate, mean time to remediate (MTTR), scan coverage, exception aging, and sustained reduction in critical/high exposure.
Facilitate regular stakeholder reviews with technology teams to assess remediation progress, surface blockers, and maintain shared accountability for risk outcomes.
Continuously refine scanning coverage, tool configurations, and program policies in response to environmental changes and evolving threats.
Monitor threat intelligence feeds, vulnerability disclosures, and CISA KEV to identify newly weaponized vulnerabilities that warrant accelerated remediation cycles.
Cook up formal risk acceptance decisions with leadership for findings that cannot be addressed within standard timelines; maintain auditable records of approvals.
Incident Response Support
Support cybersecurity incident response activities including triage, containment, eradication, recovery, and post-incident review.
Apply vulnerability landscape knowledge and asset inventory familiarity to provide rapid environmental context during active investigations.
Participate in incident post-mortems and incorporate findings into vulnerability management program improvements.
Contribute to security documentation including runbooks, playbooks, and vulnerability management procedures.
Cross-Functional Collaboration & Communication
Serve as the primary security point of contact for technology teams on vulnerability obligations, remediation expectations, and risk escalation.
Advise technology partners on patch management strategies, configuration hardening, and compensating controls.
Support internal audit and compliance engagements by demonstrating control effectiveness against SOX, PCI-DSS, and other applicable frameworks.
Promote security awareness among technology partners by providing clear context on why remediation requirements exist and how they protect the organization.
Required Qualifications
Vulnerability Management Expertise: 5+ years of experience in cybersecurity operations, with at least 3 years in a role focused on enterprise vulnerability management.
Hands-on experience with enterprise vulnerability scanning platforms such as Tenable (Nessus / Tenable.io / Tenable.sc), Qualys, or Rapid7 InsightVM.
Demonstrated experience owning a vulnerability management program end to end, including SLA development, remediation coordination, and stakeholder accountability.
Experience integrating vulnerability findings with ITSM or ticketing platforms (ServiceNow, Jira, or equivalent) to operationalize remediation workflows.
Strong command of risk-based vulnerability prioritization frameworks: CVSS, EPSS, CISA KEV, asset criticality, and business impact analysis.
Experience developing vulnerability metrics, executive dashboards, and program performance reporting.
Familiarity with vulnerability lifecycle management practices: risk acceptance, exception handling, compensating controls, and SLA governance.
Stakeholder Engagement & Cross-Functional Influence
Proven ability to drive remediation outcomes through technology teams (infrastructure, cloud, engineering, application) using influence, communication, and structured accountability — without direct management authority.
Strong written and verbal communication skills with the ability to tailor messaging for technical and non-technical audiences alike.
Experience facilitating recurring stakeholder forums such as remediation review meetings, and maintaining follow-through on commitments via escalation when needed.
Demonstrated ability to build credibility and collaborative relationships across peer teams.
Technical Depth
Solid understanding of cloud security in AWS and/or Azure environments, including cloud-native security tooling and logging architectures.
Familiarity with endpoint protection, network monitoring, intrusion detection, and IAM platforms.
Working knowledge of core network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.).
Experience with SIEM platforms and security log analysis.
Familiarity with the MITRE ATT&CK framework and how adversary TTPs inform vulnerability prioritization.
Foundational knowledge of incident response concepts and practices sufficient to contribute meaningfully when called upon.
Preferred Qualifications
Relevant certifications: CISSP, GPEN, GWAPT, CompTIA Security+, Tenable Certified, Qualys Certified, or equivalent.
Familiarity with SOX and PCI-DSS compliance requirements as they relate to vulnerability and patch management.
Experience with exposure management methodologies such as Continuous Threat Exposure Management (CTEM) and attack surface management.
Familiarity with SOAR platforms or automation tools used to streamline vulnerability-to-ticket workflows.
Experience with Microsoft Defender suite, Rapid7, or comparable enterprise security platforms.
Exposure to penetration testing or adversary emulation methodologies to inform vulnerability prioritization.
Familiarity with AI-assisted attack techniques and their implications for vulnerability exploit timelines.