Vulnerability Management Analyst

#AZAAKI-IT
Job Overview

The Information Security Analyst (Vulnerability Management) supports the execution, planning, and administration of the Vulnerability Management program within Information Security. This role focuses on vulnerability assessments, penetration testing, social engineering, and coordination of remediation efforts to reduce the organization’s attack surface.

The analyst provides oversight and coordination across the enterprise, reviews application security scan results, and supports post-remediation validation testing. This role does not perform direct remediation but ensures vulnerabilities are tracked, validated, and closed effectively.

Major Duties & Responsibilities

Vulnerability & Security Operations

• Monitor and analyze vulnerability assessment data to identify and communicate technical risks
• Support vulnerability assessments, penetration testing, and social engineering activities
• Identify and classify the impact of newly discovered vulnerabilities
• Track and coordinate vulnerability remediation efforts across application, infrastructure, and operations teams
• Ensure timely closure of identified security gaps

Application Security

• Review and interpret application security scan results with understanding of underlying code structures
• Support post-development testing to validate remediation effectiveness
• Participate in IT SDLC programs to embed security by design

Governance, Risk & Compliance

• Assist with regulatory and compliance requirements, including audits, assessments, and attestations
• Contribute to SOC, ISO, PCI, HITRUST, NIST, and SANS aligned initiatives
• Respond to client vulnerability inquiries and audit requests
• Brief Information Security leadership on vulnerability findings and risk posture

Reporting & Collaboration

• Aggregate and report vulnerability data from multiple scanning tools and platforms
• Manage and utilize DLP tools, code scanners, and external security profiling tools
• Collaborate cross-functionally to improve overall security posture
• Support leadership in identifying capability gaps in vulnerability management services

Basic Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or equivalent experience
• 3 years of experience in IT, Information Security, or Compliance
• Experience with SOC 1/2, ISO 27001/27002, PCI DSS, HITRUST, SANS, NIST
• Strong analytical, problem-solving, and project management skills
• Ability to interpret application structures and code approaches at a high level
• Excellent written, verbal, and presentation skills
• Experience working in collaborative, cross-functional environments

Preferred Qualifications

• Security certifications: CISSP, CISM, GIAC, PCI DSS, CHPSE, or similar
• Experience in healthcare or health insurance environments
• Knowledge of HIPAA, CMS, and healthcare vendor security requirements
• Familiarity with Security SDLC tools and processes

#AZAAKI-IT

Job Type: Contract

Pay: $30.00 - $35.71 per hour

Expected hours: 40 per week

Work Location: Hybrid remote in Mason, OH 45040

Salary : $30 - $36