Vulnerability Assessment Analyst IV 4P/715

Vulnerability Assessment Analyst IV – Container Security & Exposure Management Location: Birmingham, AL or Atlanta, GA Client: Southern Company Services Contract Duration: 15 Months Work Schedule: Hybrid – 4 days onsite Experience: 10+ Years Job Summary We are seeking an experienced Vulnerability Assessment Analyst IV to support container security and exposure management within a cybersecurity organization. This role will focus on identifying, validating, and assessing security vulnerabilities across IT/OT systems, cloud-native platforms, Kubernetes, OpenShift, Docker, container images, clusters, pipelines, and supporting infrastructure. The ideal candidate will have strong hands‑on experience with vulnerability assessment, container security, DevSecOps, exposure management, attack path analysis, scripting, and risk reporting. Key Responsibilities Identify and assess security vulnerabilities across IT and OT systems. Perform vulnerability scans and analyze exposures in web applications, networks, systems, embedded devices, firmware, and containerized environments. Evaluate container security risks across Kubernetes, OpenShift, Docker, AKS, EKS, GKE, and similar platforms. Assess container images, base images, dependencies, Kubernetes manifests, Helm charts, runtimes, RBAC, network policies, secrets handling, and cluster configurations. Validate exposure paths and determine real‑world exploit potential. Conduct attack path mapping and prioritize high‑risk vulnerabilities. Support exposure management operations, including data review, reporting, trend analysis, remediation tracking, and escalation. Partner with platform, infrastructure, application, DevOps, and security teams to recommend practical mitigation strategies. Monitor emerging threats, zero‑days, CVEs, and exploitation methods. Translate technical findings into clear business risk summaries for stakeholders and leadership. Required Qualifications 10+ years of experience in cybersecurity, vulnerability assessment, exposure management, DevSecOps, infrastructure security, or related roles. Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience. Strong experience with Kubernetes, OpenShift, Docker, AKS, EKS, GKE, or similar container platforms. Ability to assess vulnerabilities in container images, dependencies, manifests, Helm charts, runtimes, and cluster configurations. Knowledge of container security controls such as image scanning, least privilege, non‑root containers, secrets handling, RBAC, pod security standards, network policies, and runtime monitoring. Experience with vulnerability management, attack surface management, cloud security posture management, and exposure management. Proficiency with scripting languages such as Python, PowerShell, or Bash. Familiarity with OWASP methodologies and common application/system vulnerabilities. Experience with SIEM platforms for detection validation and log analysis. Strong analytical, troubleshooting, communication, and documentation skills. Must pass NERC CIP and Insider Threat Protection background checks. Preferred Qualifications Experience in DevSecOps, application security, offensive security, penetration testing, adversarial threat simulation, or container platform engineering. Certifications such as CKS, CKAD, CKA, OSCP, CEH, GSEC, CISSP, or CISA. Experience supporting IT and OT security environments. Experience working with cloud‑native enterprise systems and CI/CD pipelines. Key Skills Vulnerability Assessment, Container Security, Exposure Management, Kubernetes, OpenShift, Docker, DevSecOps, IT/OT Security, Cloud Security, Attack Path Mapping, Vulnerability Management, SIEM, OWASP, RBAC, Image Scanning, Runtime Monitoring, Python, PowerShell, Bash, CI/CD Security, Risk Reporting. #J-18808-Ljbffr 4p-Consulting-Inc.