Vulnerability Analyst
Coalfire
About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever‑changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem‑solvers who are hungry to learn, grow, and make a difference. What You’ll Do Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments Translate technical vulnerability findings into risk‑based language for federal clients and authorization officials, presenting monthly status briefings as needed Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms Participate in change‑management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches Run regular and on‑demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures What You’ll Bring 3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles Hands‑on expertise with operating system, database, network, container, web application, and API vulnerability management Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams Administrator‑level certification in AWS, Azure, or GCP Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including ability to assess attack surfaces and recommend cloud‑native remediation approaches Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks Understanding of NIST 800‑53 security controls, particularly RA‑5, SI‑2, CM‑6, and how continuous monitoring supports control implementation Experience with STIG benchmarks and automated compliance scanning tools (SCAP, SCC) Familiarity with baseline configuration standards (CIS Benchmarks, vendor hardening guides) and compliance posture reporting Ability to distinguish false positives from true vulnerabilities and articulate risk‑based justifications for deviation requests Proficiency in scripting languages (Python, PowerShell, Bash) for task automation, report generation, and remediation workflows Strong client‑facing communication and documentation skills, with ability to present technical findings to federal stakeholders and produce timely compliance reports Ability to work efficiently with cross‑functional technical teams to investigate, prioritize, and coordinate vulnerability remediation efforts Bachelor’s degree or equivalent work experience. US citizenship (required due to client contractual requirements) Bonus Points Security‑focused cloud certifications for AWS, Azure, or GCP CISSP certification Familiarity with container security scanning tools (Trivy, Anchore, Snyk) and Kubernetes security postures Knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools Familiarity with CI/CD security integration patterns and DevSecOps toolchains Why You’ll Want to Join Us At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in‑person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at View email address on click.appcast.io. #J-18808-Ljbffr Coalfire
$78k - $135k
...for false positives, document justifications, and prepare deviation requests with supporting risk assessments Translate technical vulnerability findings into risk‑based language for federal clients and authorization officials, presenting monthly status briefings as needed...SuggestedWork experience placementWork at officeFlexible hours$93.5k - $121k
...Vulnerability Analyst At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products...SuggestedWork at officeImmediate startFlexible hours$95.86k - $208.27k
The KPMG Advisory practice is at the forefront of transformation, offering excellent opportunities for individuals to advance their careers and expertise with KPMG. Looking ahead, we anticipate continued evolution and success within the practice, fostering both personal...SuggestedFull timeH1bLocal area$78k - $135k
Coalfire Systems seeks a Vulnerability Management Specialist to oversee compliance and security across platforms. This role includes managing assessments, collaborating with teams, and ensuring compliance with frameworks like FedRAMP and PCI. The ideal candidate has significant...SuggestedFlexible hours- Coalfire, based in Chicago, is seeking a Vulnerability Management Specialist. This role will manage the lifecycle of vulnerability actions and collaborate with technical teams across various cloud environments. The ideal candidate will have 3-5 years of experience in vulnerability...SuggestedFlexible hours
$160k - $205k
...security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. Key Responsibilities: Perform assigned analysis of internal and external threats on...$500 per month
Become a Professional Game Tester We're looking for passionate gamers to join our elite team of mobile game testers. Get paid to play and test the latest games before they launch. $500+ Avg Monthly Pay 5-10 Hours/Week 100% Remote Position Requirements: ...Remote work10 hours per week$78k - $135k
Koitecc Solutions is hiring a Vulnerability Analyst in Chicago, Illinois. The role involves managing the lifecycle of vulnerability assessments, collaborating with federal stakeholders, and ensuring compliance with security frameworks. Ideal candidates will have over 5...Work experience placement$104k - $156k
...embed security controls natively. Periodically provide recommendations on technical design of security controls aligned to vulnerabilities, risks, issues and/or events. Support purple-team exercises and control-efficacy testing to verify depth and resilience under...Remote work- ...system integrity. Emerging Threats and Innovation Monitor the threat landscape and emerging technologies to proactively address vulnerabilities. Develop partnerships with industry groups, government agencies, and vendors to stay ahead of cybersecurity trends. Oversee...
- Urbane Security is looking for talented professionals in offensive and defensive security to enhance their Security Services team. The role involves extensive penetration testing, risk assessment, and developing tailored security solutions. Applicants should have strong...
- ..., firewalls, endpoints, Active Directory) and perform comprehensive web application security assessments covering OWASP Top 10 vulnerabilities, business logic flaws, authentication weaknesses, and API security issues — following OWASP, and MITRE ATT&CK and other methodologies...Full timeTemporary workWork at officeImmediate start2 days per week3 days per week
$174k - $239k
Secure Every Identity, from AI to Human Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex...Permanent employmentLocal areaWorldwideFlexible hours- Chief Information Security Officer (CISO) bluestone Executive Search specializes in aligning top companies across vast industries with superior, high-level IT professionals worldwide. Job Description Our Client is seeking a Chief Information Security Officer (...Worldwide
- ...and auditing procedures, from both technical and business perspectives, and the use of formal methodologies such as NSA IAM Vulnerability scanning and auditing tools Enterprise-scale network and host-based IDS architectures E-commerce application security Computer...Contract workWork at office
- Location: Remote (U.S. or Canada) Type: US Applicants - Full-Time; Canadian Applicants - Independent Contractor About Human Agency We're scaling rapidly and have a growing pipeline of opportunities that demand exceptional talent across disciplines. Our mission...Full timeFor contractorsRemote workDay shift
- Adoreal Inc. is seeking a hands-on Senior Manager, IT & Engineering in Chicago, IL. This hybrid role involves building the IT function, leading security and compliance initiatives, and managing an IT team. You'll partner closely with engineering leadership on secure development...Remote job
$99k - $232k
...cybersecurity focus on protecting organizations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in security architecture at PwC...Full timeH1b- ...Litigation Systems Analyst Employment Type: Full Time, Mid-level CGS is seeking a Systems Analyst to join our team supporting a wide-ranging technical support initiative for a large Federal agency's ongoing litigation efforts. CGS brings motivated, highly skilled...Full timeContract workFor contractorsWork at officeRemote workFlexible hours
- Required skills : Experience Level: 4-7 Years Skills/Tools: Cucumber with Serenity, assert, RestAssured, Wiremock, Junits, Mockito, Selenium/Playwright, Gatling, Java Springboot and batch, JPA Language: English & Spanish Role Expectation: Strong understanding of Java Spring...Shift work
- Equity LifeStyle Properties, Inc. is hiring an IT Security Administrator in Chicago, Illinois. This role involves a variety of operational and tactical responsibilities in IT security, including monitoring and implementing security controls across various environments. ...
$64k - $117k
About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever‑changing cybersecurity...Work at officeFlexible hours- ...Senior Systems Analyst Employment Type: Full Time, Senior-level Department: Information Technology CGS is seeking a Senior Systems Analyst to join our team supporting a wide-ranging technical support initiative for a large Federal agency. CGS brings motivated, highly skilled...Full timeContract workFor contractorsWork at officeFlexible hours
- Digital Forensic Analyst Employment Type: Full-Time, Mid-Level Department: Forensics CGS is seeking a Digital Forensic Analyst whose primary focus will be on the preservation & collection of mobile device and cloud‑stored data. The ideal candidate should be fluent in...Full timeWork at officeRemote workFlexible hours
- Overview: Dear Partner,Good Morning ,Greetings from Nukasani group Inc !, We have below urgent long term contract project immediately available for **Senior IT Auditor, Chicago, IL, _Onsite_** need submissions you please review the below role, if you are available...Long term contractFor contractorsWork at officeLocal areaImmediate startDay shift
$87.7k - $164k
...value. The opportunity Cyber Triage and Forensics (CTF) Incident Analyst will work as a senior member of the technical team... ...malware reverse engineering Understanding of security threats, vulnerabilities, and incident response Understanding of electronic investigation...Summer holidayLocal areaFlexible hours$99k - $232k
...cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cloud security at PwC, you will be...Full timeH1b$145k - $192.5k
...integration across the enterprise. Act as a technical expert on AI‑driven cybersecurity initiatives, mentoring junior engineers and analysts. Prototype and evaluate emerging AI technologies for applicability in cyber threat detection and response. Serve as a thought...Shift workDay shift$155k - $410k
...cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cloud security at PwC, you will be...Temporary workH1b$96.4k - $114.1k
Company Federal Reserve Bank of Chicago The Federal Reserve is one of the most recognizable brands around the world. The Federal Reserve is the central bank of the United States-one of the world's most influential, trusted and prestigious financial organizations...Full timeTemporary workPart timeWork experience placementVisa sponsorshipShift work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Vulnerability Analyst. Be the first to apply!




