Back to all jobs


Title: Senior Vulnerability Management Analyst

Duration: 6 Months

Location: Remote

Job Summary:

The Senior Vulnerability Management Analyst (Windows) is a hands-on practitioner on the cybersecurity defense team. This role serves as a bridge between Operations and Information Security to help prioritize patching and mitigations for vulnerabilities in the company network and infrastructure. The analyst must be familiar with applications, operating systems, networking, Windows services, cloud infrastructure, and basic attacker Tactics, Techniques, and Procedures (TTPs).

This role will assist with strategic initiatives for short and long-term plans to identify and reduce the attack surface across applications and systems. The use of automated tools to identify, assess, and report is expected, emphasizing effective communication with constituents who rely on applications and systems that support their business. This role will take an active lead in informing, advising, and partnering with business units to help better secure our operations. The position must collaborate with others on the team for remediation and additional validation and contribute to other collaborative approaches driven by the security team strategy.


• Review and Prioritize vulnerability data for Windows systems.

• Document, prioritize, and formally report asset and vulnerability state, along with remediation recommendations and validation.

• Communicate vulnerability results in a manner understood by technical and non-technical

business units based on risk tolerance and threat to the business, and gain support through influential messaging.

• Leverage vulnerability database sources to understand each weakness, its probability, and

remediation options, including vendor-supplied fixes and workarounds.

• Collaborate with security groups such as risk management to form a holistic team dedicated to thwarting attackers and reducing the attack surface.

• Work directly with infrastructure and application teams to advise and support remediation efforts to close vulnerability exposure to new threats and verify the organization’s security posture against them.

• Assist in managing vulnerabilities across the enterprise with Tenable Cloud and Security Center

• Arrange and support business units launching new technology applications and services to verify that new products/offerings are added to continuous scans and appropriate reports and dashboards are built/updated.

• Perform other duties as assigned.


Basic Requirements:

• Bachelor’s degree in Information Security systems or related field or relevant/equivalent experience.

• 5+ years of experience in information security administration, vulnerability management, security operations, systems administration, network administration, or help desk.

• Strong skills in vulnerability management solutions such as Qualys, Nexpose, Kenna Security, Tanium, and open source. Preferred experience with Tenable Nessus. Bonus for experience deploying Nessus scanners and/or agents.

• A solid understanding of information security, including business and governance processes.

• Strong skills with Windows and *nix operating systems, endpoint applications, DNS, networking protocols and devices, and IP ranges and subnets.

• Strong skills in organization-wide vulnerability scanning and remediation processes.

• Familiar with OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.

• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.

• Excellence in communicating business risk and remediation requirements from assessments.

• Analytical and problem-solving mindset.

• Highly organized and efficient. Self-starter requiring minimal supervision.

• Demonstrated strategic and tactical thinking, decision-making skills, and business acumen.

Preferred Qualifications:

• Windows-related certifications, GCED, GCCC, GPEN, GCIH, CISSP, or CRISC.

• Capable of basic Python, Bash, Perl, or PowerShell scripting or learning quickly.

• Preferably have held positions in cybersecurity or systems administration

On-Demand Group is an Equal Employment Opportunity (EEO) employer. All wage/salary ranges are dependent on experience, educational requirements, and other job-related criteria.

    • Job type: Contract
    • Location: Remote
    • Date posted: