Job Summary

The Sr. Vulnerability Management Analyst will be reporting directly to Security Operations Manager and will be responsible for managing system and asset exposures that could lead to cybersecurity incidents. This role is a critical component of the organization’s operative cybersecurity practice and will provide targeted information and analysis necessary to mitigate risk. The Sr. Vulnerability Management Analyst will be responsible and actively involved in incident response and remediation activities. The ideal candidate will have a thorough and advanced understanding of information security, cloud security, cyber threat actors as well as efficient monitoring and detection practices. The Sr. Vulnerability Management Analyst will also work to aide in the building and continuous advancement of the team and practices needed to ensure success.

About Us

Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $14 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 6,000 of them. If you join our team, you’ll enjoy:

• Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.

• Continuous professional growth and leadership opportunities.

• Health, wellness, and financial benefits to offer peace of mind to you and your family.

• World-class facilities and the technology you need to thrive – in our offices or yours.

Responsibilities

Include, but are not limited to:

• Assist in the development and implementation of a comprehensive vulnerability management program aligned with industry best practices.

• Conduct regular vulnerability scans (including internal, external, and web application scans).

• Analyze vulnerability scan results to identify valid vulnerabilities, prioritize them based on severity, exploitability, and potential business impact.

• Oversee the vulnerability remediation process, including patch management, configuration management, and working with internal teams (development, IT operations) to ensure timely remediation of identified vulnerabilities.

• Collaborate with the SOC team to integrate vulnerability management findings into the overall security posture of the organization. This may involve sharing threat intelligence, IOCs, or assisting in incident response activities where vulnerabilities are exploited.

• Stay up-to-date on the latest vulnerability trends, threats, and mitigation strategies. This could involve attending security conferences, participating in online communities, and subscribing to relevant security alerts or new letters.

• Develop and maintain strong relationships with security vendors and partners to stay informed about new tool offerings and threat intelligence.

• Provide regular reports to leadership on the status of the vulnerability management program, including key metrics like number of vulnerabilities identified, remediation rates, and overall program effectiveness.

• Continuously improve the vulnerability management program by identifying and implementing new tools, processes, and automation opportunities.

• Participate in vulnerability assessments and penetration testing activities.

• Document vulnerability management processes and procedures.

• Train and mentor security team members on vulnerability management best practices.

Qualifications

• 5+ years of relevant industry experience in IT Engineering, Security Operations, Cloud Security, and enterprise vulnerability remediation

• 3+ years of experience in a vulnerability management role

• Bachelor’s degree in computer science, information systems, information security, related field or relevant work experience required

Required Skills

• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).

• Minimum of 5+ years of experience in threat management or a related security discipline.

• In depth and firsthand experience using cyber threat intelligence platforms.

• Strong understanding of vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS), penetration testing methodologies, and patch management processes.

• Excellent analytical and problem-solving skills.

• Strong communication and collaboration skills, with the ability to influence and work effectively with cross-functional teams.

• Ability to work independently and manage multiple priorities in a fast-paced environment.

• Working knowledge of security frameworks and best practices (e.g., NIST Cybersecurity Framework, OWASP Top 10).

• Experience working in a security-conscious environment.

• Familiarity with Security Operations Center (SOC) operations preferred

• Experience with scripting languages (e.g., Python, Bash) to automate vulnerability management tasks preferred

Certifications Required

• NICCS (CISA): CVA

• GIAC: GEVA, GCTI, GCFA, GNFA, GMON, GCED, GREM, GSNA, GCIH, GSEC

• ISACA: CSX-P

• ISC2: CISSP, CAP

Additional Information

• The estimated annual pay range for this position is $80,000 – $130,000. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

• Equal Employment Opportunity – M/F/Disability/Protected Veteran Status

Refer a friend to this job (https://careers-shi.icims.com/jobs/18029/sr.-vulnerability-management-analyst/job?mode=apply&apply=yes&in_iframe=1&hashed=-336032949)

Need help finding the right job?

We can recommend jobs specifically for you!

Job Locations US-Remote

Requisition ID 2024-18029

Compensation Structure Flat Base

Category Information Technology