Ethical Hacker (remote)

We are currently looking for a Vulnerability Analyst in United States.

This role sits at the core of enterprise cybersecurity operations, ensuring that vulnerabilities are continuously identified, assessed, and remediated across complex, cloud-based environments. The position combines hands-on technical vulnerability management with compliance-driven security monitoring for highly regulated frameworks such as FedRAMP, PCI, and HITRUST. You will work closely with engineering, cloud, and DevSecOps teams to embed security into CI/CD pipelines and modern infrastructure. The role also involves translating technical findings into clear, risk-based insights for clients and federal stakeholders. Operating in a fast-paced consulting environment, you will support continuous monitoring programs, audit readiness, and authorization activities. In this role, you will manage end-to-end vulnerability operations and compliance-aligned security monitoring across cloud and enterprise environments:

Manage the full POA&M lifecycle, including tracking, updates, risk justification, and coordination with assessors and stakeholders.

Conduct vulnerability scanning across systems, applications, databases, networks, and cloud environments, ensuring timely remediation tracking.

Analyze scan results, identify false positives, and prepare risk-based deviation documentation and supporting assessments.

Maintain security control evidence, system inventories, and authorization boundary documentation for compliance reporting and audits.

Support continuous monitoring activities aligned with frameworks such as FedRAMP, HITRUST, PCI, and NIST 800-53.

Collaborate with engineering, SRE, and DevSecOps teams to integrate vulnerability management into CI/CD pipelines and cloud platforms.

Produce monthly reports, client updates, and executive briefings translating technical vulnerabilities into actionable risk insights.

This role requires strong technical security expertise, hands-on vulnerability management experience, and familiarity with regulated cloud environments:

• 3–5 years of experience in vulnerability management, security operations, or compliance-focused cybersecurity roles.
• Hands-on experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Wiz, or similar platforms.
• Experience working within cloud environments such as AWS, Azure, or GCP, including security controls and attack surface analysis.
• CVSS) and risk prioritization methodologies.
• Ability to distinguish false positives and produce risk-based remediation or deviation justifications.
• Proficiency in scripting (Python, PowerShell, or Bash) for automation and reporting is a plus.

Performance-based incentive and recognition programs

Flexible work arrangements (remote or hybrid options depending on role requirements)

Comprehensive health, dental, vision, and insurance coverage

Flexible time off policy

Certification, training, and professional development reimbursement

Opportunities to participate in employee communities and engagement programs

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. If you would like more information about how your data is processed, please contact us.