Logo for Connexus Credit Union

Vulnerability Management Analyst

Role overview

Qualifications

  • Bachelor's degree in Information Security, Computer Science, Information Technology or commensurate experience
  • 3+ years professional work experience in vulnerability management, security operations, or IT risk within a regulated environment
  • Hands-on experience with vulnerability scanning tools, such as Tenable (Nessus, Tenable.io), Qualys, Rapid7 or similar platforms
  • Prior financial industry regulations and frameworks knowledge (FFIEC, NCUA, GLBA, NIST)

Responsibilities

  • Conduct regular vulnerability scanning of networks, servers, endpoints, cloud environments, and applications using approved tools
  • Analyze scan results to identify false positives, determine exploitability, and assess business and regulatory risk
  • Prioritize vulnerabilities based on CVSS scores, threat intelligence, asset criticality, and financial institution risk impact
  • Track vulnerabilities through remediation, validation, and closure using ticketing or governance platforms

Key facts

  • Remote from: United States
  • Full time
  • Mid-level (2-5 years)
  • 0
  • English

Other skills

  • Collaboration
  • Communication
  • Problem Solving
  • Detail Oriented

About the company

Connexus Credit Union logo

Connexus Credit Union

Financial Services

Serving more than 445,000 members nationwide, Wausau, WI-based Connexus Credit Union is a member-owned, not-for-profit financial cooperative with over $5.2 billion in assets and more than 670 employees. We proudly give back to our members through high yields on deposit products, competitive loan rates, and minimal fees. We’ve been nationally recognized for excellence by Forbes Advisor, NerdWallet, Kiplinger, and Bankrate. Our organizational values of Integrity, Respect, Synergy, Transparency, and Wellbeing, influence all we do. Whether it’s an email from one employee to another, helping a member in a branch, or volunteering in one of the many communities we serve, we interact with dignity, kindness, and professionalism. We strive for transparent, honest dialogue and highly value the collective power of our team. Our vision is to be a nationally relevant, trusted credit union, providing exceptional experiences and fostering prosperity for those we serve. We strive to earn and maintain our members’ trust and ensure they feel supported and appreciated at every touchpoint. We also support our communities through our philanthropic program, Connexus Cares. Founded in early 2019, Connexus Cares has already donated over $10 million to charitable organizations nationwide.At Connexus, we’re dedicated to sustainable growth while delivering exceptional experiences. We do this, in part, by fostering a culture that values employees as our most important asset.We’re excited to remain at the forefront of the credit union movement as we continuously demonstrate our values, embrace our digital future, and strengthen our national relevance. Please explore all Connexus has to offer at ConnexusCU.org.

Company details

Company typeSME
IndustryFinancial Services
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Connexus Credit Union - Who We Are:

Serving members across all 50 states, Connexus Credit Union is a member-focused cooperative that is proud to return profits to member-owners through high yields for checking accounts and deposit products, as well as competitive rates on our loans. We are a remote first employer with the majority of our employees residing in the upper Midwest.

As an employer we foster collaboration and high performance to achieve excellence. We holistically care for and develop our employees to thrive personally and professionally. We are proud to share our success with our employees and those we serve.

Connexus offers an Amazing Benefits package:

  • 25 days of paid time off and 10 paid holidays

  • 16 hours of paid Volunteer Time Off

  • 401K Retirement with up to 6% employer match

  • Excellent Health, Dental, Vision insurance, including multiple plan options

  • Health Savings Account with generous employer contributions

  • Employer paid Life insurance, Short-Term and Long-Term Disability

  • Tuition Reimbursement from $4,000 - $7,000 per calendar year

  • Robust Learning and Development program that includes an annual professional development stipend

Responsibilities:

  • Conduct regular vulnerability scanning of networks, servers, endpoints, cloud environments, and applications using approved tools.

  • Analyze scan results to identify false positives, determine exploitability, and assess business and regulatory risk.

  • Prioritize vulnerabilities based on CVSS scores, threat intelligence, asset criticality, and financial institution risk impact.

  • Track vulnerabilities through remediation, validation, and closure using ticketing or governance platforms.

  • Perform re-scans to validate remediation effectiveness.

  • Ensure vulnerability management practices align with:

    • FFIEC Cybersecurity Assessment Tool (CAT)

    • NCUA or banking regulatory guidance

    • GLBA Safeguards Rule

    • Internal Information Security and Risk Management policies

  • Prepare documentation, metrics, and evidence for internal audits, regulatory exams, and third-party assessments.

  • Support risk acceptance decisions by documenting compensating controls and residual risk.

  • Partner with IT infrastructure, application development, cloud, and network teams to remediate identified risks.

  • Translate technical vulnerabilities into clear business risk language for leadership and non-technical stakeholders.

  • Provide guidance on secure configuration, patching, and vulnerability mitigation strategies.

  • Participate in security incident response activities when vulnerabilities are exploited or pose imminent risk.

  • Monitor emerging threats, zero-day vulnerabilities, and industry advisories relevant to financial services.

  • Contribute to vulnerability management policies, standards, and procedures.

  • Assist with penetration testing coordination and result analysis.

  • Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with required frameworks

  • Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries

  • Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments.

  • Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture.

  • Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches.

  • Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation.

  • Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates.

  • Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures.

  • Run the daily vulnerability management program operations, work closely with the patch management analyst in identifying and patching vulnerabilities, and actively participate in weekly vulnerability management team meetings.

  • Comply with all Federal Regulations as they pertain to your job duties, including BSA.

Position Requirements:

  • This position is Remote.

  • Bachelor's degree in Information Security, Computer Science, Information Technology or commensurate experience is Required.

  • 3+ years professional work experience in vulnerability management, security operations, or IT risk within a regulated environment is Required.

  • The GIAC (GSEC or GEVA) certification is preferred upon hire although required to be completed within 6 months of hire.

  • Prior financial industry regulations and frameworks (FFIEC, NCUA, GLBA, NIST) is Required.

  • Hands-on experience with vulnerability scanning tools, such as: Tenable (Nessus, Tenable.io), Qualys, Rapid7 or similar platforms is Required.

  • Strong understanding of, network, operating system, and application vulnerabilities, patch management processes, and secure configuration standards (CIS Benchmarks) is Required,

  • Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks is Required.

  • Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams is Required.

Connexus Credit Union's Employer Recognitions:

  • 2026 Best Place to Work in IT, Computer World

Equal Opportunity Employer/Disabled/Veterans/41 CFR 60–1.4, 41 CFR 60-1.35

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at Connexus Credit Union

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.