Information Security Analyst - Risk & Vulnerability Management - Hybrid

Hybrid in Vienna, Winchester, San Diego or Pensacola

Technical Proficiency

• Vulnerability Assessment: Experience conducting vulnerability assessments using industry-standard tools such as Nessus and Rapid7. Proficient in identifying, categorizing, and prioritizing vulnerabilities across networks, systems, applications, and cloud platforms.
• Risk Analysis and Management: Skilled in applying risk frameworks to analyze threat landscapes, estimate potential impacts, and design practical risk mitigation strategies. Adept at translating technical findings into business risks for executive stakeholders.
• Security Architecture Review: Demonstrated ability to review and evaluate infrastructure and application architectures for security gaps, recommending controls and improvements to strengthen resilience against attacks.
• Incident Response Support: Familiarity with incident detection, investigation, containment, and remediation, supporting security operations teams with actionable vulnerability and risk intelligence.
• Threat Intelligence Integration: Ability to consume, analyze, and act upon threat intelligence feeds and advisories, correlating external threat data with internal findings to enhance situational awareness.

Professional Experience

• Program Support: Experience supporting vulnerability management programs, coordinating and ensuring timely remediation of critical findings. Ability to support delivery of projects within scope and budget, contributing to our client's organizational security posture improvement.
• Policy and Procedure Development: Experience authoring and updating vulnerability management policies, risk assessment templates, and reporting standards, aligning with regulatory and compliance requirements (e.g., GDPR, HIPAA, PCI DSS, SOX).
• Audit and Compliance: Capability to support internal and external audits, providing evidence for vulnerability scans, risk assessments, and remediation efforts. Ensuring controls are effectively designed and operating as intended.
• Metrics and Reporting: Experience developing dashboards and reports for senior management, visualizing trends in vulnerabilities, threat activity, and risk levels. Using data-driven insights to support strategic decision-making and resource allocation.

CC Pace is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, or any other protected characteristic under federal, state, or local laws.

CC Pace are committed to employing only candidates who are legally authorized to work in the United States. For us to comply with the Immigration Reform and Control Act of 1986, all new employees, as a condition of employment, must complete the Employment Eligibility Verification Form I-9 and provide documentation that establishes identity and authorization to work. E-Verify will be used for employment verification as part of your onboarding process.