Vulnerability Management Analyst

The Vulnerability Management (VM) Analyst is a hands-on practitioner responsible for discovering, analyzing, prioritizing, and tracking remediation of vulnerabilities across endpoints, servers, cloud platforms, containers, and applications. The analyst operates the VM toolset, improves scan coverage and data quality, partners with system and application owners to drive remediation within policy SLAs, and produces clear, actionable reporting for both technical teams and leadership. The role supports zero-day events, audit requests, and continuous program maturation as part of the enterprise VM program governed by our Patch & Vulnerability Management Standard.

Duties and Responsibilities

• Scanning Operations & Coverage
  • Execute authenticated and agent-based scans using Qualys (VMDR, WAS/TotalAppSec) for on-premises, cloud assets, containers, and web applications.
  • Manage Suridata for SaaS security posture and asset discovery.
  • Assist with Veracode application security scanning and reporting.
  • Maintain scan schedules, credentials, and agent health; expand coverage to new assets and services.
  • Coordinate with platform owners to enable safe scanning and validate rescans.
• Triage, Analysis & Prioritization
  • Review and triage scan results, reducing false positives and noise.
  • Apply risk-based frameworks (CVSS v3.1, CISA KEV, EPSS, asset criticality) to prioritize remediation.
  • Provide clear remediation guidance and document knowledgebase notes.
• Remediation Coordination & Tracking
  • Create and route remediation tickets via ITSM platforms (e.g., ServiceNow, Jira).
  • Track SLA attainment and escalate issues as needed.
  • Partner with infrastructure, desktop, cloud, and application teams to resolve blockers.
  • Validate fixes through rescans and close tickets with evidence.
• Data Quality, Integrations & Automation
  • Improve asset-to-owner mapping and tag critical systems.
  • Support automation for ticket creation, routing, and exception reviews.
  • Maintain operational runbooks and playbooks.
• Reporting, Metrics & Audit Support
  • Build and publish dashboards on coverage, SLA performance, exception inventory, and risk reduction.
  • Provide evidence for internal/external audits and customer security reviews.
• Exceptions & Risk Acceptance
  • Process exception requests per policy, ensuring compensating controls and tracking expiry/review dates.
  • Monitor and drive timely renewal or closure of exceptions.
• Zero-Day / Major Event Response
  • Assist with rapid assessment, scoping, communication, and mitigation during critical events.
  • Participate in after-hours rotations as needed.
• Performs related duties as assigned by management.

Qualifications and Education Requirements

• Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience.
• 2-4 years in Information Security or Systems Engineering, including 2+ years directly operating a vulnerability management program or toolset in a multi-platform environment.
• Exposure to Windows/Linux patching, cloud platforms (Azure/AWS), container registries, and network devices; understanding of change management and maintenance windows.
• Familiarity with NIST CSF/ISO 27001; experience supporting audits and customer security requests preferred.
• Preferred Certifications: Security+, CySA+, GSEC, AZ-500, Qualys VMDR Specialist, or similar.

Skills, Abilities, and Knowledge

• Technical depth in vulnerability scanning, agent management, and authenticated scans across Windows/Linux, cloud workloads, and containers.
• Ability to apply risk analysis frameworks and understand exploitability and business impact.
• Scripting experience (PowerShell and/or Python) and comfort with Excel/Power BI or SQL for reporting.
• Familiarity with ITSM/CMDB integrations.
• Strong communication skills for translating technical findings into actionable tickets and summaries.
• Process discipline for maintaining documentation and audit evidence.

Additional Information:

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

Company Benefits:

Newrez is a great place to work but we are only as strong as our greatest asset, our employees, so we believe in rewarding them!

• Medical, dental, and vision insurance

• Health Savings Account with employer contribution

• 401(k) Retirement plan with employer match

• Paid Maternity Leave/Parental Bonding Leave

• Pet insurance

• Adoption Assistance

• Tuition reimbursement

• Employee Loan Program

• The Newrez Employee Emergency and Disaster Fund is a new program to support our team members

Newrez NOW:

• Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more

• 1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice

• Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee

• Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions

Equal Employment Opportunity 
We're proud to be an equal opportunity employer- and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

CA Privacy Policy

CA Notice at Collection