Vulnerability Management Analyst

extra holidays
Work set-up: 
Full Remote
Contract: 
Full time
Experience: 
Mid-level (2-5 years)
Work from: 
United States

Offer summary

Qualifications:

Minimum of three years experience in vulnerability or risk management., Experience coordinating with software engineering or DevOps teams on vulnerability remediation., Knowledge of cloud environments such as EKS, ECS, or Kubernetes is beneficial., Strong organizational skills and ability to work independently or in a team..

Key responsibilities:

  • Review and evaluate deviation and risk acceptance requests.
  • Meet with engineering teams to understand technical constraints and document solutions.
  • Maintain an up-to-date exception register and manage deadlines.
  • Support audits by providing necessary evidence and context.

WorldLink US logo
WorldLink US Large https://www.worldlink-us.com/
See all jobs

Job description

TITLE: Vulnerability Management Analyst

POSITION TYPE: Full Time (W2)

LOCATION: Remote


 ABOUT WorldLink:

WorldLink is a rapidly growing information technology company at the forefront of the tech transformation. From custom software development to cloud hosting, from big data to cognitive computing, we help companies harness and leverage today’s most cutting-edge digital technologies to create value and grow.

Collaborative. Respectful. Work hard Play hard. A place to dream and do. These are just a few words that describe what life is like at WorldLink. We embrace a culture of experimentation and constantly strive for improvement and learning.

We take pride in our employees and their future with continued growth and career advancement. We put TEAM first. We are a competitive group that like to win. We're grounded by humility and driven by ambition. We're passionate, and we love tough problems and new challenges. You don't hear a lot of "I don't know how" or "I can't" at WorldLink. If you are passionate about what you do and having fun while doing it; tired of rigid and strict work environments and would like to work in a non-bureaucratic startup cultural environment, WorldLink may be the place for you.

For more information about our craft, visit https://worldlink-us.com .

WHO we’re looking for:

We are looking for a Vulnerability Management Analyst focused on reviewing vulnerability deviation requests and working directly with engineering and development teams to ensure timely remediation or formal approval of exceptions within a FedRAMP authorized SaaS environment. The analyst keeps the exception workflow moving by validating requests, guiding teams on compensating controls, and updating program artifacts while maturing policies and procedures that support continuous compliance

Role and Responsibilities:

• Receive and evaluate deviation and risk acceptance requests; confirm CVSS scores, affected assets, and proposed compensating controls.

• Meet with engineers and developers to understand technical constraints, agree on remediation timelines, and document alternative solutions that satisfy FedRAMP Moderate or High requirements.

• Draft or refine risk acceptance forms and POA&M entries; shepherd each request through security, compliance, and Authorizing Official approval.

• Maintain an up to date exception register with owners, due dates, and re validation checkpoints; remind stakeholders as deadlines approach.

• Update vulnerability management runbooks, service level agreements, and playbooks to reflect the approved deviation handling process and any new tooling integrations.

• Help integrate scanners or ticketing systems such as Prisma Cloud, Tenable, Qualys, and Jira so deviation status is captured and tracked automatically.

• Advise engineering teams on FedRAMP control requirements, acceptable compensating controls, and best practices for patching or mitigating findings.

• Support audits by supplying requested evidence and context prepared by the compliance team.

Required Experience and Education:

• At least three years in vulnerability or risk management.

• Prior coordination with software engineering or DevOps teams on vulnerability remediation is strongly preferred.

• Experience with container and cloud environments such as EKS, ECS, or Kubernetes is beneficial.

Necessary Skills and Attributes:
  • Self-motivated individual with the ability to thrive in a team-based or independent environment.
  • Detail-oriented with strong organization skills.
  • Ability to work in a fast-paced environment.
  • Limited supervision and the exercise of discretion.
Physical Demands:

The physical demands described here are representative of those that must be met by contract employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the contract employee is occasionally required to stand, clean, crawl, kneel, sit, sort, hold, squat, stoop, stand, twist the body, walk, use hands to finger, handle, or feel objects, tools or controls, reach with hands and arms, climb stairs or ladders and scaffolding, talk or hear, and lift up to 20 pounds. Specific vision abilities required by the job include ability to distinguish the nature of objects by using the eye. Operate a computer keyboard and view a video display terminal between 50% - 95% of work time, including prolonged periods of time. Requires considerable (90%+) work utilizing high visual acuity/detail, numeric/character distinction, and moderate hand/finger dexterity.

Performs work under time schedules and stress which are normally periodic or cyclical, including time sensitive deadlines, intellectual challenge, some language barriers, and project management deadlines. May require working additional time beyond normal schedule and periodic travel.

WHAT we’ll bring:

During your interview process, our team can fill you in on all the details of our industry-competitive benefits and career development opportunities. A few highlights include:
  • Medical Plans
  • Dental Plans
  • Vision Plan
  • Life & Accidental Death & Dismemberment
  • Short-Term Disability
  • Long-Term Disability
  • Critical Illness/ Accident/ Hospital Indemnity/ Identity Theft Protection
  • 401(k)
WHAT you should know:

Our success begins and ends with our people. We embrace diverse perspectives and value unique human experiences. WorldLink is an Equal Employment Opportunity and Affirmative Action employer. All employment at WorldLink is decided on the basis of qualifications, merit, and business need. We endeavor to continue our footprint as a diverse organization by highlighting opportunities for all people.  WorldLink considers applicants for all positions without regard to race, color, religion or belief, sex, (including pregnancy and gender identity), age, national origin, political affiliation, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. People with disabilities who need assistance with any part of the application process should contact us.

This job description is designed to cover the main responsibilities and duties of the role but is not designed to be a comprehensive list of all.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Hard Skills

Vulnerability ManagementCloud ComputingFedRAMPRisk ManagementJIRAKubernetesMitigating ControlVulnerability ManagementCVSNTPkMSQualysDeviation InvestigationsPrisma Cloud

Other Skills

  • Detail Oriented
  • Self-Motivation
Are you interested?

Related jobs

See more jobs