Senior Vulnerability Management (VM) Analyst

Verisign is seeking a detail-oriented and proactive Senior Vulnerability Management (VM) Analyst with a focus on Secure Configuration Management (SCM) benchmark findings. This role will be responsible for analyzing, prioritizing, and remediating configuration-based vulnerabilities in collaboration with various technology teams. The ideal candidate will play a critical role in reducing risk by driving compliance with secure configuration baselines.

Key Responsibilities:

Secure Configuration Assessment:

• Perform regular reviews and assessments of SCM benchmark findings to identify deviations from established security baselines
• Leverage vulnerability scanning tools (e.g., Tenable, Qualys, WIZ) and configuration management platforms to detect and track misconfigurations

Prioritization and Risk Reduction:

• Collaborate with technology and security teams to prioritize remediation efforts based on risk impact, exploitability, and business impact
• Develop and maintain a risk-based prioritization framework for secure configuration findings
• Support the remediation of high-risk misconfigurations by providing technical guidance and best practices

Remediation and Collaboration:

• Work with infrastructure, cloud, and application teams to ensure configuration compliance with internal and industry standards
• Provide guidance on hardening system configurations (Windows, MAC, Linux, network devices, etc.) according to established benchmarks
• Track and validate remediation efforts to ensure effective closure of findings

Reporting and Documentation:

• Generate and deliver reports on configuration vulnerabilities, trends, and remediation progress to key stakeholders
• Review remediation plans, exceptions, and compensating controls with stakeholders
• Ensure accurate and timely documentation of configuration changes and updates

Continuous Improvement:

• Stay current with emerging security vulnerabilities, best practices, and secure configuration standards
• Identify opportunities for automation and process enhancement to streamline SCM activities
• Contribute to the development and maintenance of configuration hardening guidelines

Required Skills and Qualifications:

Experience:

• 10+ years of experience in vulnerability management, security operations, or system administration
• Hands-on experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) and configuration management platforms
• Familiarity with secure configuration benchmarks (CIS, DISA STIGs, etc.)
• Experience with ServiceNow SecOps
• Bachelors' degree or equivalent work experience 

Technical Skills:

• Strong understanding of operating system hardening (Windows, MAC, Linux) and network device configurations
• Experience with PowerShell, Python, or scripting for automation is a plus
• Knowledge of SIEM, SOAR, and ITSM platforms is beneficial

Soft Skills:

• Excellent analytical and problem-solving skills
• Strong communication skills with the ability to collaborate and influence across technology teams
• Detail-oriented with the ability to manage multiple priorities effectively
• Ability to partner with remediation teams to focus on remediation targets

Preferred Qualifications:

• Certifications such as CompTIA Security+, GIAC GCIH, CISSP, or CISA
• Experience with cloud security configurations (AWS, Azure, GCP)
• Familiarity with compliance frameworks (NIST, ISO 27001, PCI DSS)

This position is based in our Reston, VA office and offers a hybrid work environment.

The pay range is $164,300- $222,300. 

The anticipated annual base salary range for this position is noted above, however, base pay offered may vary depending on job-related knowledge, skills, experience. Verisign offers a discretionary bonus which is based on individual and company performance, and certain roles may be eligible for discretionary stock awards.