Vulnerability Management Analyst, (Remote, MST & PST), Boston, Washington

Perform comprehensive vulnerability assessments and continuous monitoring across the enterprise.

Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.

Work across functional areas to perform vulnerability assessments on systems or applications before go-live rollouts.

Triage patch Tuesday and security advisory releases and make recommendations on required remediations or actions.

Examine systems and applications to assess the current security posture.

Improve vulnerability management coverage and ensure enterprise assets have appropriate management.

Manage vulnerability related tickets to ensure issues are remediated within organization standards.

Engaged to team objectives and contributing efforts that results in risk reduction to the organization.

2+ years of professional experience working within a Vulnerability Management role.

Advanced knowledge of Server and client operating systems.

Extensive experience with core vulnerability management tools (e.g. CrowdStrike Falcon, Tenable, Rapid7, Qualys, etc.).

Extensive experience with web application scanners (e.g. Burp, Burp Enterprise, Accunetix, etc.).

Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.

Experience working with Mac, Windows, Linux and/or other Unix-like variants.

Thorough understanding of TCP, UDP, HTTP, IP and other network protocols.

Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action.

Possess the ability to work independently and contribute to a high-performing team.

Proactive go getter attitude to solve challenging problems.

Stays up to date with current vulnerabilities and vulnerability related news in various industries.

Ability to automate and script tasks using your preferred language (e.g. GoLang, Python, Ruby, BASH)

Ability to utilize and write scripts against common web APIs (REST, SOAP, GraphQL).

Knowledge of cloud platforms and highly concurrent systems.

Experience in regulated environments (FedRAMP, SOX, etc)

Experience working in a dynamic cloud environment.

Knowledge of container technology and how to assess the security posture of images.

You’re a clear thinker and efficient communicator (i.e written and verbal).

Technical security certifications or academic background a plus.

Remote-first culture

Market leader in compensation and equity awards

Competitive vacation and flexible working arrangements

Comprehensive and inclusive health benefits

Physical and mental wellness programs

Paid parental leave, including adoption

A variety of professional development and mentorship opportunities

Offices with stocked kitchens when you need to fuel innovation and collaboration