Coalfire

Coalfire is a cybersecurity advisor that helps organizations avert threats, reduce risk, and turn security into a competitive advantage, fueling their success.

Internet Software & Services
251-1K
Founded 2001
$9M raised

Description

  • Manage the POA&M lifecycle, including creation, tracking, risk adjustment justification, and deviation requests with 3PAO assessors and federal stakeholders.
  • Collect, organize, and maintain security control evidence and artifacts for continuous monitoring and assessment/authorization activities.
  • Maintain accurate system inventory and authorization boundary documentation to keep scanning scope aligned with approved boundaries.
  • Analyze scan results, identify false positives, document justifications, and prepare deviation requests with supporting risk assessments.
  • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, including monthly status briefings.
  • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments, and container/Kubernetes platforms.
  • Participate in change management processes to keep continuous monitoring aligned with system changes and compliance posture.
  • Support enterprise vulnerability management tools, including updates, patches, and ongoing operation of scanning and reporting workflows.
  • Run regular and on-demand scans across operating systems, databases, web applications, and containers, and coordinate remediation ticketing with technical teams.
  • Track vendor dependencies, operational requirements, and open vulnerabilities, and produce monthly client reports and updates.
  • Improve internal standards, documentation, training materials, and standard operating procedures.

Requirements

  • 3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles.
  • Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management.
  • Experience supporting vulnerability management in at least two of the major cloud providers (AWS, Azure, GCP).
  • Experience working within at least one compliance framework such as FedRAMP, HITRUST, or PCI, including risk assessment and reporting.
  • Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams.
  • Administrator-level certification in AWS, Azure, or GCP.
  • Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including assessment of attack surfaces and cloud-native remediation approaches.
  • Strong knowledge of vulnerability scanning technologies and methods, including CVSS, CMSS, and risk prioritization frameworks.
  • Understanding of NIST 800-53 controls, especially RA-5, SI-2, and CM-6, and how continuous monitoring supports control implementation.
  • Experience with STIG benchmarks and automated compliance scanning tools such as SCAP and SCC.
  • Familiarity with baseline configuration standards such as CIS Benchmarks and vendor hardening guides.
  • Ability to distinguish false positives from true vulnerabilities and write risk-based deviation justifications.
  • Proficiency in scripting languages such as Python, PowerShell, or Bash for automation, report generation, and remediation workflows.
  • Strong client-facing communication and documentation skills, with the ability to present technical findings to federal stakeholders.
  • Ability to work effectively with cross-functional technical teams to investigate, prioritize, and coordinate remediation efforts.
  • Bachelor’s degree or equivalent work experience.
  • US citizenship is required due to client contractual requirements.
  • Preferred: security-focused cloud certifications for AWS, Azure, or GCP.
  • Preferred: CISSP certification.
  • Preferred: familiarity with container security scanning tools such as Trivy, Anchore, or Snyk and Kubernetes security postures.
  • Preferred: knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools.
  • Preferred: familiarity with CI/CD security integration patterns and DevSecOps toolchains.

Benefits

  • Salary range of $78,000 to $135,000 per year.
  • Eligibility for annual incentive, commission, and/or recognition programs.
  • Flexible work model with the ability to choose when and where you work, including remote options.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.
