Vulnerability Management Systems Analyst - Contract - Remote - local to SC-

Vulnerability Management Systems Analyst

Location: Remote (Onsite as Needed)

Interview Process: 1 round, Virtual/Online - potential for a 2nd round in-person interview

Duration: 12 Months
Employment Type: Contract
Experience Required: 08+ Years

Candidate Location: Preference will be given to candidates that are local to SC and are able to come onsite for project needs.

Project Scope:

We are seeking an experienced Vulnerability Management Systems Analyst to support and enhance an enterprise-wide vulnerability management program. This role will focus on administering vulnerability management platforms, coordinating remediation efforts, analyzing security risks, and collaborating with stakeholders to improve the organization's overall security posture.

The ideal candidate will have strong expertise in vulnerability assessment tools, risk analysis, remediation planning, and security best practices across large-scale enterprise environments.
Support the maturation of an enterprise vulnerability management program

·        Administer and optimize vulnerability management platforms and services

·        Coordinate with internal teams and stakeholders to identify, prioritize, and remediate vulnerabilities

·        Improve vulnerability governance, reporting, and risk management processes

·        Enhance security posture through proactive risk reduction and remediation initiatives

Key Responsibilities:

Vulnerability Management Operations

• Administer and support enterprise vulnerability management platforms (Qualys, Tenable, Rapid7, or similar)
  
• Configure scanning policies, schedules, asset groups, and reporting dashboards
  
• Ensure continuous vulnerability scanning coverage across servers, endpoints, applications, and cloud environments
  
• Monitor platform health and ensure scan accuracy and reliability
  

Vulnerability Assessment & Analysis

• Analyze vulnerability scan results and validate findings
  
• Prioritize vulnerabilities based on CVSS scores, exploitability, and asset criticality
  
• Identify security gaps, exposure risks, and systemic vulnerabilities
  
• Support risk classification and residual risk documentation
  

Remediation & Risk Management

• Develop and maintain POA&M (Plan of Action and Milestones) tracking for remediation efforts
  
• Coordinate with technical teams and agencies to ensure timely vulnerability remediation
  
• Track remediation progress against defined service level objectives (SLOs)
  
• Recommend compensating controls when immediate remediation is not possible
  

Stakeholder Coordination

• Work closely with multiple agencies, IT teams, and security stakeholders
  
• Conduct vulnerability review meetings and provide actionable remediation guidance
  
• Communicate technical risks in clear business terms for leadership reporting
  
• Support enterprise-wide coordination of vulnerability management activities
  

Reporting & Compliance

• Develop vulnerability dashboards, reports, and executive summaries
  
• Provide regular updates on risk posture, trends, and remediation status
  
• Support audit and compliance reporting requirements
  
• Ensure alignment with standards such as NIST, PCI DSS, ITIL, and CVSS frameworks
  

Tool Administration & Optimization

• Support configuration and tuning of vulnerability scanning tools
  
• Improve scanning efficiency, coverage, and accuracy
  
• Assist in integrating vulnerability platforms with SIEM, ticketing, and ITSM tools
  

Automation & Scripting

• Develop scripts using Python, PowerShell, or Bash for automation of reporting and workflows
  
• Automate vulnerability data extraction, reporting, and tracking processes
  

Training & Support

• Provide guidance and training to agency teams on vulnerability management practices
  
• Develop documentation, procedures, and best practices
  
• Support onboarding of new teams into vulnerability management processes
  

Continuous Improvement

• Identify opportunities to improve vulnerability management maturity
  
• Recommend process improvements and automation opportunities
  
• Stay updated on emerging threats, vulnerabilities, and security trends
  

Required Skills & Experience:

·        5+ years of experience with vulnerability management tools (Qualys, Tenable, Rapid7)

·        5+ years of experience in deploying, configuring, and operating vulnerability management platforms

·        Strong experience with Windows and Linux operating systems

·        5+ years of experience with CVSS scoring, POA&M tracking, and risk mitigation

·        Strong understanding of enterprise IT security environments

Preferred Skills:

·        Knowledge of security frameworks: NIST, PCI DSS, ITIL, CVSS, MITRE ATT&CK

·        Experience with scripting/automation (Python, PowerShell, Bash)

·        Experience leading enterprise or large-scale vulnerability management programs

·        Familiarity with enterprise security operations environments

·        Local to Columbia, SC or nearby regions preferred

Education:

Bachelor’s degree in Information Technology, Cybersecurity, or related field