Vulnerability Management Configuration Assurance Analyst

Date Posted: 06/04/2026

Hiring Organization: Rose International

Position Number: 502336

Industry: Insurance

Job Title: Vulnerability Management Configuration Assurance Analyst

Job Location: Springfield, MA, USA, 01111

Work Model: Hybrid

Work Model Details: 2-3 days onsite in a week

Shift: M to F, 8 to 5

Employment Type: Temporary

FT/PT: Full-Time

Estimated Duration (In months): 8

Min Hourly Rate($): 60.00

Max Hourly Rate($): 62.00

Must Have Skills/Attributes: Analytical Skills, AWS, Azure, Tableau

Experience Desired: Hands-on experience with enterprise vulnerability management tools such as Qualys, Wiz, Tenable, etc (5 yrs); Strong understanding of CVSS scoring, exploitability, and threat context (5 yrs); Experience integrating vulnerability and configuration management data into SIEM, GRC (3 yrs); Experience working with cloud platforms, including AWS, Azure, and/or GCP (3 yrs)

Required Minimum Education: Bachelor’s Degree

**C2C is not available**

Job Description

Required Education:

• Bachelor's degree
  
  

Required Qualifications / Skills / Experience

• Hands-on 5 years of experience with enterprise vulnerability management tools such as Qualys, Wiz, Tenable, Rapid7, or similar platforms
• Experience identifying, assessing, prioritizing, and tracking vulnerabilities across endpoints, servers, cloud environments, and hybrid infrastructure
• Strong understanding of CVSS scoring, exploitability analysis, threat intelligence, and risk-based vulnerability prioritization
• Experience assessing and validating secure configurations against industry standards and frameworks
• Experience integrating vulnerability and configuration management data into SIEM, GRC, and ticketing platforms
• Knowledge of security frameworks including CIS, NIST, ISO, and PCI-DSS
• Experience working with cloud platforms, including AWS, Azure, and/or GCP
• Strong analytical, problem-solving, and risk assessment capabilities
• Experience developing executive and technical security reporting
  
  

Preferred Qualifications / Skills / Experience

• Experience with container security and hybrid infrastructure environments
• Experience creating dashboards and visualizations using tools such as Tableau
• Experience working within enterprise security operations, governance, risk, and compliance environments
  
  

Vulnerability Management & Configuration Assurance Analyst Overview

• The Vulnerability Management and Configuration Assurance (VMCA) Analyst is responsible for identifying, assessing, and reducing cyber risk across enterprise environments through effective vulnerability management and configuration assurance practices
• This role drives visibility into security vulnerabilities and configuration weaknesses across on-premises, cloud, and hybrid environments
• The analyst leverages enterprise security tools, analytics, and reporting capabilities to assess vulnerabilities, monitor compliance with secure configuration standards, and provide actionable remediation guidance
• Responsibilities include analyzing vulnerability scan results, prioritizing remediation activities based on risk and exploitability, validating secure configurations, and implementing compensating controls when required
• The role partners closely with Infrastructure, Cloud, Engineering, Security, and Business Information Security stakeholders to improve overall security posture
• The analyst supports governance, audit readiness, executive reporting, and continuous security improvement initiatives through accurate risk metrics, compliance reporting, and remediation tracking
• Success in this position requires strong analytical skills, risk-based decision-making, collaboration, operational ownership, and the ability to communicate complex security risks to both technical and executive audiences
  
  

Job Duties

• Perform vulnerability assessments across on-premises, cloud, and hybrid environments
• Analyze vulnerability scan results and prioritize remediation efforts based on risk, exploitability, and business impact
• Assess and validate secure configuration standards across enterprise platforms and technologies
• Monitor configuration compliance and identify security gaps or misconfigurations
• Implement and recommend compensating controls where remediation cannot be immediately completed
• Develop risk metrics, dashboards, and executive reporting related to vulnerability management and configuration assurance
• Collaborate with Infrastructure, Cloud, Engineering, Security, and Business Information Security teams to drive remediation activities
• Integrate vulnerability and configuration data into SIEM, GRC, ticketing, and governance platforms
• Support audit readiness, compliance assessments, and security governance initiatives
• Identify trends, anomalies, and risk concentrations through data analysis
• Provide actionable recommendations to improve security posture and control effectiveness
• Continuously improve vulnerability management and configuration assurance processes
  
  

Specific Details To Call Attention To

• Strong hands-on experience with vulnerability management platforms such as Qualys, Wiz, Tenable, Rapid7, or similar tools is required
• Must have experience performing risk-based vulnerability analysis using CVSS scoring, exploitability, and threat intelligence
• Experience assessing configuration compliance against CIS, NIST, ISO, and PCI-DSS frameworks is highly important
• Cloud security experience within AWS, Azure, and/or GCP environments is strongly preferred
• Must be comfortable presenting security risks, remediation progress, and metrics to both technical and executive stakeholders
• Experience supporting governance, audit readiness, and enterprise security compliance initiatives is highly desired
• **Only those lawfully authorized to work in the designated country associated with the position will be considered.**
• **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**
  
  

Benefits

For information and details on employment benefits offered with this position, please visit here. Should you have any questions/concerns, please contact our HR Department via our secure website.

California Pay Equity

For information and details on pay equity laws in California, please visit the State of California Department of Industrial Relations' website here.

Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender (expression or identity), national origin, arrest and conviction records, disability, veteran status or any other characteristic protected by law. Positions located in San Francisco and Los Angeles, California will be administered in accordance with their respective Fair Chance Ordinances.

If you need assistance in completing this application, or during any phase of the application, interview, hiring, or employment process, whether due to a disability or otherwise, please contact our HR Department.

Rose International has an official agreement (ID #132522), effective June 30, 2008, with the U.S. Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Verification Program (E-Verify). (Posting required by OCGA 13/10-91.).