Cybersecurity Analyst III
Upbound Group Inc.
Cybersecurity Analyst III Vulnerability Management Specialist Information Security | Cybersecurity Operations On-Site, Full-Time About the Role This position is the senior technical owner of our enterprise vulnerability management program. The ideal candidate combines deep technical expertise with the communication skills and organizational influence needed to drive risk reduction outcomes across the business. Incident response support is a secondary but meaningful responsibility. Job Purpose The Cybersecurity Analyst III — Vulnerability Management Specialist leads our enterprise vulnerability management program across cloud, endpoint, network, and identity environments. This role is responsible for the full vulnerability lifecycle: continuous discovery and scanning, risk-based prioritization, coordinated remediation, validation, and executive reporting. This is a program leadership role, not simply an analyst seat. The right candidate drives measurable risk reduction by building strong cross-functional relationships, maintaining clear remediation SLAs, and ensuring the organization consistently moves from vulnerability identification to resolution. In addition to owning the VM program, this analyst supports cybersecurity incident response efforts, contributing environmental knowledge and analytical depth when incidents arise. Key Responsibilities Vulnerability Management Program Leadership (Primary Focus — ~70–80%) Lead the enterprise vulnerability management lifecycle: asset discovery, continuous scanning, risk-based prioritization, remediation coordination, validation, and reporting. Define and maintain SLA/remediation timelines by risk tier and manage escalation paths for items approaching or exceeding thresholds. Partner with infrastructure, cloud, engineering, application, and endpoint teams to ensure vulnerability findings is clearly communicated, ownership is assigned, and remediation is completed on schedule. Translate vulnerability data into business context: deliver clear reporting for technical teams and concise risk summaries for executive audiences that reflect progress, trends, and areas of focus. Prioritize vulnerabilities using risk-based methodologies that incorporate CVSS scores, EPSS, CISA KEV, asset criticality, business impact, and active threat intelligence — not severity scores in isolation. Maintain a formal risk acceptance and exception process, including documentation of business justification, compensating controls, and expiration timelines. Integrate vulnerability findings into ticketing and ITSM workflows (e.g., ServiceNow, Jira) to ensure every finding has an assigned owner, a due date, and a tracked resolution path. Develop and maintain program KPIs: vulnerability fix rate, mean time to remediate (MTTR), scan coverage, exception aging, and sustained reduction in critical/high exposure. Facilitate regular stakeholder reviews with technology teams to assess remediation progress, surface blockers, and maintain shared accountability for risk outcomes. Continuously refine scanning coverage, tool configurations, and program policies in response to environmental changes and evolving threats. Monitor threat intelligence feeds, vulnerability disclosures, and CISA KEV to identify newly weaponized vulnerabilities that warrant accelerated remediation cycles. Coordinate formal risk acceptance decisions with leadership for findings that cannot be addressed within standard timelines; maintain auditable records of approvals. Incident Response Support (Secondary Focus — ~20–30%) Support cybersecurity incident response activities including triage, containment, eradication, recovery, and post-incident review. Apply vulnerability landscape knowledge and asset inventory familiarity to provide rapid environmental context during active investigations. Participate in incident post-mortems and incorporate findings into vulnerability management program improvements. Contribute to security documentation including runbooks, playbooks, and vulnerability management procedures. Cross-Functional Collaboration & Communication Serve as the primary security point of contact for technology teams on vulnerability obligations, remediation expectations, and risk escalation. Advise technology partners on patch management strategies, configuration hardening, and compensating controls. Support internal audit and compliance engagements by demonstrating control effectiveness against SOX, PCI-DSS, and other applicable frameworks. Promote security awareness among technology partners by providing clear context on why remediation requirements exist and how they protect the organization. Who Thrives Here This role is best suited for a security professional who takes ownership seriously — someone who is as focused on getting vulnerabilities fixed as they are on finding them. If you are energized by building relationships, navigating organizational dynamics, and tracking risk metrics over time, you will find this role deeply rewarding. Required Qualifications Vulnerability Management Expertise 5+ years of experience in cybersecurity operations, with at least 3 years in a role focused on enterprise vulnerability management. Hands-on experience with enterprise vulnerability scanning platforms such as Tenable (Nessus / Tenable.io / Tenable.sc), Qualys, or Rapid7 InsightVM. Demonstrated experience owning a vulnerability management program end to end, including SLA development, remediation coordination, and stakeholder accountability. Experience integrating vulnerability findings with ITSM or ticketing platforms (ServiceNow, Jira, or equivalent) to operationalize remediation workflows. Strong command of risk-based vulnerability prioritization frameworks: CVSS, EPSS, CISA KEV, asset criticality, and business impact analysis. Experience developing vulnerability metrics, executive dashboards, and program performance reporting. Familiarity with vulnerability lifecycle management practices: risk acceptance, exception handling, compensating controls, and SLA governance. Stakeholder Engagement & Cross-Functional Influence Proven ability to drive remediation outcomes through technology teams (infrastructure, cloud, engineering, application) using influence, communication, and structured accountability — without direct management authority. Strong written and verbal communication skills with the ability to tailor messaging for technical and non-technical audiences alike. Experience facilitating recurring stakeholder forums such as remediation review meetings, and maintaining follow-through on commitments via escalation when needed. Demonstrated ability to build credibility and collaborative relationships across peer teams. Technical Depth Solid understanding of cloud security in AWS and/or Azure environments, including cloud-native security tooling and logging architectures. Familiarity with endpoint protection, network monitoring, intrusion detection, and IAM platforms. Working knowledge of core network protocols (TCP/IP, DNS, SMTP, etc.). Experience with SIEM platforms and security log analysis. Familiarity with the MITRE ATT&CK framework and how adversary TTPs inform vulnerability prioritization. Foundational knowledge of incident response concepts and practices sufficient to contribute meaningfully when called upon. Preferred Qualifications Relevant certifications: CISSP, GPEN, GWAPT, CompTIA Security+, Tenable Certified, Qualys Certified, or equivalent. Familiarity with SOX and PCI-DSS compliance requirements as they relate to vulnerability and patch management. Experience with exposure management methodologies such as Continuous Threat Exposure Management (CTEM) and attack surface management. Familiarity with SOAR platforms or automation tools used to streamline vulnerability-to-ticket workflows. Experience with Microsoft Defender suite, Rapid7, or comparable enterprise security platforms. Exposure to penetration testing or adversary emulation methodologies to inform vulnerability prioritization. Familiarity with AI-assisted attack techniques and their implications for vulnerability exploit timelines. What Success Looks Like All critical and high vulnerabilities tracked in integrated workflows with clear ownership and due dates Consistent remediation within defined SLA timelines across technology teams Measurable, sustained reduction in mean time to remediate (MTTR) for critical and high findings Reliable executive reporting cadence with meaningful risk trend data Comprehensive scan coverage across endpoint, cloud, network, and identity environments Additional Information This position requires on-site presence five days per week (Monday – Friday). Sponsorship Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time. You will join a collaborative and growing Cybersecurity Operations team where your leadership of the vulnerability management program directly shapes the organization’s security posture. This is a high-visibility role with broad cross-functional reach, real ownership, and the opportunity to make a measurable difference. If you are looking for a position where your work has clear, demonstrable impact on risk reduction, we want to hear from you. #J-18808-Ljbffr Upbound Group Inc.
- Network Engineer III Senior Enterprise Network Security Engineer designed, secures, and operates the University’s enterprise network... .... The role blends advanced network engineering with cybersecurity, emphasizing Palo Alto (PANOS/Prisma Access) and Juniper (EX/QFX...SuggestedWork at officeRemote work
- Scrum Master III Technology Operations and Engineering, Digital Business Operations Who We Are At Upbound Group, we are committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving...SuggestedLocal areaWork visaMonday to Friday
- ...rewarding opportunity for you to take your software engineering career to the next level. As an iOS Mobile Platform Software Engineer III at JPMorganChase within the Consumer & Community Banking, you serve as a seasoned member of an agile team to design and deliver...Suggested
- Program Planning and Scheduling Analyst III The Program Planning and Scheduling Analyst III leads the development and management of comprehensive project schedules for large‑scale and complex programs within the ISR, Aviation, and Security (IAS) business area. The role...SuggestedWork at office
$95k - $110k
...by U.S. export control laws, including ITAR. Candidates must be eligible to access such information. Job Description The Cybersecurity Specialist positions purpose is to protect the organization's digital assets, networks, and data from cyberattacks, theft, or damage...SuggestedWork experience placementRelocation package- ...meaningful work environment that supports and protects explorers and heroes? Join our team! The Program Planning and Scheduling Analyst III leads the development and management of comprehensive project schedules for large-scale and complex programs. This role ensures the...Work at office
- KFC Corporation is seeking a Product Operations Analyst III, RED360 to support various initiatives related to customer data and marketing technology. This role is integral in collaborating with Brand, Marketing, Engineering, and Operations to translate business requirements...
$95.2k - $124.95k
...HVAC) industry. We are guided by our core values of Integrity, Respect, and Excellence.We have an opening for a Digital Business Analyst III. This person will play a crucial role in supporting key digital products across B2B ecommerce and other areas. The Business Analyst...Temporary work- North Texas Municipal Water District seeks a cybersecurity professional to enhance the security of Operational Technology (OT) environments. This role involves monitoring and assessing cybersecurity measures while ensuring compliance with industry standards. You will collaborate...
- North Texas Municipal Water is seeking a cybersecurity professional to safeguard Operational Technology (OT) environments including SCADA systems. This role involves improving the OT cybersecurity posture, collaborating with various teams, and ensuring compliance with regulatory...
- At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place...Shift workDay shift
- Get notified about new Information Technology Security Analyst jobs in United States . 1,000+ Information Technology Security Analyst Jobs in United States Information Systems Security Officer (ISSO) Information Systems Security Officer (ISSO) Information Systems Security...
$105.79k - $141.05k
Lumen is the trusted network for the AI‑powered world, connecting people, data, and applications through our expansive fiber network and connected ecosystem. We enable secure, high‑performance connectivity across cloud, edge, and AI workloads for enterprises, governments...Full timeTemporary workRemote work- ...systems. Qualifications Bachelor's Degree or Equivalent experience 2+ years Experience within installing, configuring, and using cybersecurity software for securing data. Knowledge of NetApp, Varonis and Trend Micro Server Protect is a bonus. Exceptional understanding...Worldwide
$95k - $125k
Job Title: Business Central Analyst III Job ID: 87701 Location: Frisco, Texas Overview Our client, a veteran owned retail brand is looking for a Business Central Analyst to take ownership of supporting, improving, and evolving our Microsoft Dynamics 365 Business Central...- US Citizens & Permanent Residents ONLY Job Title: Business Analyst III Location (Onsite, No Remote): Cary, NC or Carrolton, TX Responsibilities A Business Analyst III takes a more proactive role in analyzing business needs and translating them into effective technology...Permanent employmentWork experience placementRemote work
- [Position Overview] Job Title: Business Analyst 3 - Data Analysis & Business Intelligence Education: Bachelor's degree in Business or related field (MBA or advanced degree preferred) 4+ years of experience in data analysis, business analysis, or financial analysis Job Type...Hourly payFull timeH1b
$50 - $55 per hour
Vendor Manager An excellent opportunity for Vendor Manager to work with one of the largest global banks in Plano, TX. Open for other location: Charlotte, NC. Pay Range: $50/hr $55/hr. Vendor Management and Third-Party Governance Oversee the legal vendor portfolio, including...Contract workTemporary work$75k - $130k
...We are seeking a highly analytical and detail-oriented Product Analyst to act as a "Context Designer" for Pennymac's voice AI and prompt... ...Product Analyst, Business Analyst, or similar role (targeting Analyst III level). A non-engineer with a strong "technical bent" and the...Work at office- The University of Texas at Dallas is seeking a Network Engineer III to design, secure, and operate the university's enterprise network. The role emphasizes Palo Alto PAN-OS/Prisma Access and Juniper platforms, with automation using Ansible, Python, and Git/Terraform to...Remote job
- SBT Global, Inc. is seeking a Network Technician in Plano, Texas to maintain computer networks and ensure optimal wireless coverage. The role involves configuring Aruba hardware and implementing robust security measures. The ideal candidate will have over 5 years of experience...
- ...place for you. Ready to raise the bar for your career? We'd love to connect. Field CISO The Field CISO serves as a trusted cybersecurity advisor to CyberOne customers, partnering with executive stakeholders to align cybersecurity strategies with business objectives...Casual workWork at officeRemote workAfternoon shift
- ...Cybersecurity Assessments And Exercises Vice President Drive the security of critical banking applications and platforms through hands-on offensive testing. As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization, you...
- Overview The Infosys Financial Services unit is a global leader in driving digital transformation for financial institutions. We specialize in leveraging advanced technologies such as AI, cloud, and data‑led innovation to help our clients accelerate growth and unlock business...Temporary workRelocation
- Infosys is looking for a talented professional to join the team focused on digital transformation at financial institutions. You will engage in security testing, collaborate with development teams, and contribute to enhancing applications across the sector. The ideal candidate...
- Itlearn360 is seeking a Network Engineer in Plano, TX. The ideal candidate should have over 7 years of experience with network security, particularly using F5 BigIP and Fortinet, as well as hands-on knowledge with NetScaler, Cisco, and Palo Alto products. Responsibilities...Shift work
- Responsibilities Your primary work will involve using our SIEM platform to fully investigate network security events, documenting your investigations in writing via a ticketing system, communicating with stakeholders, and resolving any identified issues. Gather and analyze...Work experience placement
$118k
...SAP GRC Analyst / SAP Security Analyst Location: Monday - Friday - Onsite in Richardson, TX Employment Type: Direct Hire - Full-Time Employment Salary Range: $118K + Bonus Position Overview We are seeking an experienced SAP GRC Analyst...Full timeMonday to Friday- .../Province: Texas City: Richardson General Overview Functional Area: OPS - Operations Career Stream: SUP - Operations Support Role: Analyst SAP Short Name: ANA Job Title: Security Analyst Job Code: ANA-OPS-SEC Job Level: Band 07 Direct/Indirect Indicator: Indirect Summary...Local area
- The Vulnerability Management Team is the core function of Toyota Motor North America and is tasked with continually improving the security posture of Toyota Motor North America through the analysis of vulnerability and threat data, responding appropriately to the result...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cybersecurity Analyst III. Be the first to apply!
- cybersecurity policy and compliance analyst Plano, TX
- cybersecurity specialist Plano, TX
- cyber security incident responder Plano, TX
- senior cybersecurity engineer Plano, TX
- cyber security Plano, TX
- cyber security architect Plano, TX
- cybersecurity Plano, TX
- cyber security intern Plano, TX
- remote cyber security Plano, TX
- cyber security part time Plano, TX



