Vulnerability Analyst
$78k - $135kCoalfire-
What You'll Do Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments Translate technical vulnerability findings into risk‑based language for federal clients and authorization officials, presenting monthly status briefings as needed Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches Run regular and on‑demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures What You'll Bring 3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles Hands‑on expertise with operating system, database, network, container, web application, and API vulnerability management Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams Administrator‑level certification in AWS, Azure, or GCP Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including ability to assess attack surfaces and recommend cloud‑native remediation approaches Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks Understanding of NIST 800‑53 security controls, particularly RA‑5, SI‑2, CM‑6, and how continuous monitoring supports control implementation Experience with STIG benchmarks and automated compliance scanning tools (SCAP, SCC) Familiarity with baseline configuration standards (CIS Benchmarks, vendor hardening guides) and compliance posture reporting Ability to distinguish false positives from true vulnerabilities and articulate risk‑based justifications for deviation requests Proficiency in scripting languages (Python, PowerShell, Bash) for task automation, report generation, and remediation workflows Strong client‑facing communication and documentation skills, with ability to present technical findings to federal stakeholders and produce timely compliance reports Ability to work efficiently with cross‑functional technical teams to investigate, prioritize, and coordinate vulnerability remediation efforts Bachelor's degree or equivalent work experience US citizenship (required due to client contractual requirements) Bonus Points Security‑focused cloud certifications for AWS, Azure, or GCP CISSP certification Familiarity with container security scanning tools (Trivy, Anchore, Snyk) and Kubernetes security postures Knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools Familiarity with CI/CD security integration patterns and DevSecOps toolchains $78,000 - $135,000 a year The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at View email address on click.appcast.io. #J-18808-Ljbffr Coalfire-
- ...A premier health institution in New York is looking for a Sr. II Security Analyst specializing in vulnerabilities. This role involves conducting security assessments, analyzing security data, and coordinating remediation efforts. Candidates should have a Bachelor's degree...Suggested
$78k - $135k
Coalfire, located in Chicago, Illinois, is seeking a Vulnerability Management professional to oversee the lifecycle of security programs and manage compliance with key frameworks. Ideal candidates will have 3-5 years of experience in security operations and a strong understanding...Suggested- Alignerr is seeking a Vulnerability Management Analyst to help train and evaluate AI models by analyzing CVEs, exposure scenarios, and remediation workflows. This remote, hourly contract role offers flexible scheduling and global collaboration for qualified security practitioners...SuggestedRemote jobHourly payContract workFlexible hours
- cFocus Software Incorporated is seeking an Infrastructure Scanning Analyst to support the National Institutes of Health (NIH). This fully... ...a Public Trust clearance and involves conducting detailed vulnerability assessments in various systems. The ideal candidate will...SuggestedRemote job
- A technical staffing firm is seeking an IT Analyst for a remote contract position. The role involves reviewing Tenable Vulnerability Management systems, analyzing reports, prioritizing remediation efforts, and coordinating with technical teams. Ideal candidates should have...SuggestedRemote jobContract work
- ...Experience Range: 8-10 years Our client is seeking a Penetration Tester with 8-10 years of experience to review and validate vulnerability reports, perform targeted retesting, and coordinate remediation efforts across development and infrastructure teams....Contract workRemote work
- ...Penetration Tester (Ethical Hacker) We are seeking a skilled Penetration Tester to identify, assess, and help remediate security vulnerabilities across applications, networks, cloud environments, and enterprise systems. The ideal candidate will perform authorized security...Full timeRemote work
$110k - $130k
Position Title Vulnerability Management Analyst 2 Posting Information Posting Number: 2026-15806 Location: US-NY-New York Hybrid Remote Work Classification: Mostly Remote: Remote more than 60% of time Department: Security Operations School/Division: NYU IT (WS1170...Full timePart timeWork experience placementRemote work- ManpowerGroup is seeking a Vulnerability Management Analyst to oversee Enterprise Payments vulnerabilities. This remote position requires expertise in the Brinqa Vulnerability tool and advanced Excel skills to effectively lead remediation efforts and analyze vulnerability...Remote job
- Experis US LLC is looking for a Vulnerability Management Analyst to manage vulnerabilities in Enterprise Payments. This role involves reviewing vulnerability reports, leading remediation efforts, and producing analytics while working remotely. The ideal candidate will...Remote job
$100k - $145k
...to benefit people and society. Join us and be part of meaningful change! Job Description We are looking for an IT Risk & Vulnerability Analyst to support one of our strategic CIB clients in keeping their software secure and up to date. The ideal candidate has experience...$95.86k - $208.27k
The KPMG Advisory practice is at the forefront of transformation, offering excellent opportunities for individuals to advance their careers and expertise with KPMG. Looking ahead, we anticipate continued evolution and success within the practice, fostering both personal...H1bLocal area- A global consulting firm is seeking an IT Risk & Vulnerability Analyst to ensure software security and compliance for strategic clients. The role involves tracking software versions, collaborating with IT teams, and maintaining accurate reports. Candidates should have a...
- QUANTEAM - North America (RAINBOW PARTNERS Group) is seeking a Vulnerability & Patch Management Analyst to join their New York team. The successful candidate will manage the end-to-end VPM program, working closely with network teams and IT stakeholders in a global financial...
$1,000 per month
Join Our Team as a Website Tester at Little Wheel Little Wheel is a gambling technology company focused on researching and building products that put players first. We are currently hiring Website Testers across Michigan, New Jersey, Pennsylvania, and West Virginia...Extra incomeTemporary workSecond jobCurrently hiringImmediate startWork from homeFlexible hours$500 per month
Become a Professional Game Tester We're looking for passionate gamers to join our elite team of mobile game testers. Get paid to play and test the latest games before they launch. $500+ Avg Monthly Pay 5-10 Hours/Week 100% Remote Position Requirements: ...Remote work10 hours per weekFlexible hours$140k - $160k
..., firewalls, endpoints, Active Directory) and perform comprehensive web application security assessments covering OWASP Top 10 vulnerabilities, business logic flaws, authentication weaknesses, and API security issues - following OWASP, and MITRE ATT&CK and other methodologies...Temporary workWork at officeImmediate start2 days per week3 days per week$35 per hour
A mobile games company is seeking a Junior Software Tester to dive into the world of mobile games and enhance player experiences. This entry-level position allows you to work remotely, explore apps on your devices, and provide valuable feedback on functionality and user...Hourly payRemote work- A mobile game testing company is seeking a Freelance Software Tester to explore and analyze mobile applications. In this remote role, you'll provide critical feedback on app performance and usability. This position is ideal for beginners, requires no prior experience, ...FreelanceRemote work
- A technology feedback company is seeking a Freelance Product Tester to explore and review mobile applications. This entry-level position allows you to work remotely, sharing your insights into user experience and functionality. Ideal for beginners, this role offers flexibility...FreelanceRemote work
$104k - $156k
...embed security controls natively. Periodically provide recommendations on technical design of security controls aligned to vulnerabilities, risks, issues and/or events. Support purple-team exercises and control-efficacy testing to verify depth and resilience under...Remote work- ...Digital Forensic Analyst Employment Type: Full-Time, Mid-Level Department: Forensics CGS is seeking a Digital Forensic Analyst whose primary focus will be on the preservation & collection of mobile device and cloud‑stored data. This candidate should be fluent in a broad...Full timeWork at officeRemote workFlexible hours
- ...Tester with at least 5 years of experience. In this full-time role, you will be integral to performing redteam audits, identifying vulnerabilities, and developing mitigations for clients. Ideal candidates possess strong Linux and scripting skills, along with excellent...Remote jobFull time
- ...Digital Forensic Analyst Employment Type: Full-Time, Mid-Level Department: Forensics CGS is seeking a Digital Forensic Analyst whose primary focus will be on the preservation & collection of mobile device and cloud‑stored data. The ideal candidate should be fluent in a...Full timeWork at officeRemote workFlexible hours
$32 - $73 per hour
Fixpoint is hiring a Penetration Tester for a remote role with flexible hours. You'll perform various penetration tests, craft remediation reports, and collaborate with teams to enhance security. A minimum of 5 years full-time experience and native English proficiency is...Remote jobHourly payFull timeContract workFor contractorsFlexible hours- A leading gaming services company is looking for Community Game Testers to participate in paid, on-call test sessions. This flexible role allows you to test games from the comfort of your home using your own devices. Key responsibilities include evaluating user experience...Remote jobExtra incomeFlexible hours
- A leading tech company is seeking experienced cybersecurity professionals to evaluate AI-generated content regarding real-world security threats and defenses. Candidates will have the flexibility of choosing projects and work hours in a fully remote capacity. The ideal ...Remote job
- A local government health agency in New York is seeking a Network Administrator to oversee the operation and maintenance of LAN/WAN systems. The role involves troubleshooting network issues, implementing security protocols, and collaborating with cybersecurity teams. Candidates...Local area
- About the Company Rain makes the next generation of payments possible across the globe. We're a lean and mighty team of passionate builders and veteran founders. Our infrastructure makes stablecoins usable in the real-world by powering card transactions, cross-border...Work at officeWork from homeFlexible hours
$70k - $100k
...Windows server operation ~ LAN / WAN technologies ~ Virtualization and storage platforms ~ Security tools including endpoint protection and vulnerability assessment ~ Experience with Microsoft, Citrix, VMware environments ~ MSP / MSSP experience a plus...Full timeFor subcontractorRemote workVisa sponsorshipWeekend work2 days per week3 days per week
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Vulnerability Analyst. Be the first to apply!

