Vulnerability Management Analyst

Wakefern Food Corp. is the largest retailer-owned cooperative in the United States and supports its co-operative members' retail operations, trading under the ShopRite, Price Rite Marketplace, The Fresh Grocer, Dearborn Market, Gourmet Garage, Fairway Market, and Di Bruno Bros.

Employing an innovative approach to wholesale business services, Wakefern focuses on helping the independent retailer compete in a big business world. Providing the tools entrepreneurs need to stay a step ahead of the competition, Wakefern’s co-operative members benefit from the company’s extensive portfolio of services, including innovative technology, private label development, and best-in-class procurement practices.

Summary

The Cybersecurity Analyst plays a critical role within Wakefern’s Cybersecurity team, with a primary focus on Vulnerability Management, Security Operations Center (SOC) support, and risk reporting. The majority of this role is dedicated to identifying, triaging, remediating, and coordinating remediation of security vulnerabilities across the enterprise. The analyst will work cross-functionally with technology and business teams to drive risk reduction, track remediation progress, and provide executive-level reporting and key metrics that measure the organization’s security posture. As an active member of the SOC, the analyst will also handle real-time security incidents and service desk ticket requests, requiring the ability to respond decisively under pressure. The ideal candidate brings deep technical knowledge across Operating Systems (Windows and Linux), Networking, and Application Security, which is foundational to accurately assessing vulnerabilities, understanding attack paths, and driving effective remediations across the enterprise.

Qualifications:

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. If requested, reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Core Functions / Minimum Requirements

• Lead and manage the enterprise Vulnerability Management program, including scanning, prioritization, tracking, and reporting of vulnerabilities across all systems and platforms.
• Perform hands-on remediation of identified vulnerabilities and coordinate cross-functional teams (infrastructure, application, and business units) to drive timely remediation across the enterprise.
• Develop and deliver regular risk reports and key performance metrics (KPIs/KRIs) to leadership that measure overall risk posture, remediation velocity, and risk reduction trends over time.
• Leverage a strong security background to evaluate, contextualize, and communicate risk associated with vulnerabilities, helping technical and non-technical stakeholders understand the impact and urgency of remediation efforts.
• Serve as an active member of the Security Operations Center (SOC), monitoring security alerts and events in real time, triaging incidents, and responding to security ticket requests in a timely and effective manner.
• Investigate and respond to security incidents, performing root cause analysis and documenting findings, response actions, and lessons learned to improve future incident handling.
• Develop, refine, and maintain use cases for security alerting, SIEM correlation rules, and monitoring playbooks to improve detection and response capabilities within the SOC.
• Review, recommend, and support the deployment of security systems and services including vulnerability management platforms, endpoint security, intrusion detection/prevention systems, SIEM, and threat intelligence tools.
• Stay current with the evolving threat landscape, emerging vulnerabilities (CVEs), and industry best practices; apply this knowledge to continuously improve the organization’s security posture.
• Perform other duties as assigned by management.

Must have one or more of the following:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent technical education
• Relevant security certifications strongly preferred: CISSP, CEH, CompTIA Security , CySA , GIAC GEVA, or equivalent
• 3–5 years of hands-on experience in cybersecurity, with demonstrated expertise in vulnerability management and/or SOC operations
• Strong understanding of vulnerability management lifecycle, risk scoring frameworks (CVSS), and remediation methodologies
• Experience with vulnerability scanning tools and SIEM platforms (e.g., Rapid7, Microsoft Sentinel)
• Deep working knowledge of the following security platforms is required: ReliaQuest (SIEM /extended detection and response), Ivanti (Service ticket Management System), SentinelOne (endpoint detection and response), Zscaler (zero trust network access / cloud security), Proofpoint (email security), Google Security Operations, and Rapid7 (vulnerability management and application security)
• Proven ability to build risk-based dashboards, metrics, and executive reports that translate technical vulnerability data into actionable business insights
• Solid knowledge of networking concepts, operating systems (Windows, Linux), and common attack vectors, exploits, and defense techniques
• Experience working in or alongside a SOC environment, including handling real-time security incidents, escalations, and service desk ticket requests
• Must have strong oral and written communication skills, with the ability to convey complex security risks clearly to both technical teams and senior leadership
• Must have strong analytical and problem-solving skills with the ability to independently assess and prioritize risk
• Must be able to work under pressure, prioritize competing demands, and manage multiple active incidents or remediation efforts simultaneously
• Must be available for off-hours support and on-call rotations as required by SOC operations
• Must be a collaborative team player and highly motivated individual with a proactive approach to identifying and closing security gaps

Working Conditions & Physical Demands

• Availability to work a varied, flexible schedule to meet business demands
• Ability to monitor computer screens for long periods of time
• Ability to work a hybrid schedule as established by the division (4 days on-site, 1 day remote)

Core Competencies

• Communicate Effectively: Communicates thoughts and ideas in a well-organized manner, encouraging two-way communication.
• Build Relationships: Creates cross-functional partnerships through the development and maintenance of constructive and cooperative relationships.
• Stay Competitive: Demonstrates a mindset of continuous improvement while exhibiting passion and enthusiasm for their work.
• Embrace Change: Looks for new ways of working by supporting advancements in processes and technology.
• Develop You: Identifies and capitalizes on opportunities for personal and professional career growth.
• Drive for Results: Supports divisional and strategic objectives through achievement of work goals.