Logo for LanceSoft, Inc.

Vulnerability Management Analyst

Role overview

Qualifications

  • 3+ years of demonstrated experience in vulnerability management in enterprise class environments.
  • Experience with vulnerability management across cloud and container environments and supporting enterprise tools.
  • Strong understanding of vulnerability management lifecycle activities, including identification, validation, prioritization, remediation coordination, risk treatment awareness, and closure verification.
  • Strong written and verbal communication skills, with the ability to translate technical vulnerability findings into clear remediation guidance, risk summaries, and prioritization recommendations for technical and non-technical stakeholders.

Responsibilities

  • Validate and triage vulnerability findings from internal scans, external scans, attack surface management sources, and threat intelligence.
  • Assess severity, exploitability, exposure, business impact, compensating controls, and residual risk to support risk-based prioritization.
  • Engage technology stakeholders and remediation owners throughout the vulnerability lifecycle.
  • Support rapid response for vulnerability threat intelligence escalations and PatchNow Critical events.

About the company

LanceSoft, Inc. logo

LanceSoft, Inc.

Established in 2000, LanceSoft is a pioneer in delivering top-notch Global Workforce Solutions and IT Services to a diverse clientele. As a Certified MBE and Woman-Owned organization, we pride ourselves on fostering global cross-cultural connections that advance both the careers of our employees and the success of our clients' businesses. At LanceSoft, our mission is clear: to leverage our global network to seamlessly connect businesses with the right talent and individuals with the right opportunities, all without bias. We believe in providing Global Workforce Solutions with a personalized, human touch. Our comprehensive range of services spans various domains, encompassing temporary and permanent staffing, Statement of Work (SOW) arrangements, payrolling, Recruitment Process Outsourcing (RPO), application design and development, program/project management, and engineering solutions. Currently, our team of over 5,000 professionals caters to 110+ enterprise clients worldwide, including Fortune companies. Our client base represents a diverse spectrum of industries, including Banking & Financial Services, Semiconductor/VLSI, Technology, Healthcare & Life Sciences, Government, Telecom & Media, Retail & Distribution, Oil & Gas, and Energy & Utilities. Headquartered in Herndon, VA, LanceSoft operates 32+ regional offices across the North America, Europe, Asia, and Australia. We also have nine delivery centers strategically located in India in Bangalore, Indore, Noida, Baroda, Hyderabad, Bhubaneshwar, Dehradun, Goa, and Aligarh to further enhance our client service capabilities.

Company details

Company typeXLarge
Company size5001 - 10000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Title: Vulnerability Management Analyst
Work Location: Remote - USA
Pay: $70-$85/ hour on W2
 
Must haves: 3 plus years’ experience in vulnerability management-Qualys or Tenable or Nessus
 
The Vulnerability Management Analyst supports enterprise vulnerability operations by validating findings, assessing risk, coordinating remediation, and helping drive timely reduction of security exposure and risk across infrastructure, cloud, container, application, endpoint, and externally facing environments. This role requires strong analytical judgment, operational follow-through, and the ability to translate large volumes of vulnerability data into clear, actionable guidance for technical and non-technical stakeholders.
 
Key Responsibilities:
  • Validate and triage vulnerability findings from internal scans, external scans, attack surface management sources, and threat intelligence, including scope validation, ownership attribution, and exposure assessment.
  • Assess severity, exploitability, exposure, business impact, compensating controls, and residual risk to support risk-based prioritization across infrastructure, cloud, container, endpoint, network, and externally exposed environments.
  • Engage technology stakeholders and remediation owners throughout the vulnerability lifecycle, from identification and owner routing through remediation treatment, progress tracking, closure validation, and risk-based escalation.
  • Support rapid response for vulnerability threat intelligence escalations and PatchNow Critical events through scope analysis, owner routing, remediation treatment, tracking, and closure verification.
  • Work with vulnerability management, scanning, reporting, external exposure, and risk prioritization tools to validate data, investigate discrepancies, confirm asset context, and compress operational response times.
  • Identify recurring risk patterns, workflow friction, and data quality issues; recommend practical improvements to processes, tooling, automation, and reporting that improve remediation outcomes and operational consistency.
 Required Qualifications:
  • 3+ years of demonstrated experience in vulnerability management in enterprise class environments.
  • Experience with vulnerability management across cloud and container environments and supporting enterprise tools.
  • Strong understanding of vulnerability management lifecycle activities, including identification, validation, prioritization, remediation coordination, risk treatment awareness, and closure verification.
  • Experience working with large datasets, vulnerability reports, asset information, and operational metrics to identify trends, discrepancies, and actionable insights.
  • Strong written and verbal communication skills, with the ability to translate technical vulnerability findings into clear remediation guidance, risk summaries, and prioritization recommendations for technical and non-technical stakeholders.
  • Working knowledge of common enterprise technology environments, including servers, endpoints, network infrastructure, cloud platforms, containerized workloads, and container image lifecycle management.
 
Preferred Qualifications:
  • Experience in financial services, regulated environments, or organizations with formal technology risk, audit, compliance, and vulnerability management regulatory requirements (PCI DSS, FFIEC).
  • Scripting, automation, API, and data analysis experience using tools or languages such as Python, PowerShell, VBA, Power Query, SQL, R, or similar.
  • Experience with business intelligence, reporting, or analytics tools such as Power BI and Excel for validating reports, analyzing trends, and communicating actionable insights.
  • Practical familiarity with AI-enabled productivity or analysis tools, coding assistants, prompt-based workflows, or tool orchestration in a professional setting.
  • Relevant security or technology certifications such as Security+, CySA+, CISSP,cloud security certifications, vulnerability management vendor certifications, or equivalent practical experience.
 Tools and Environment (Preferred):
  • Vulnerability management and scanning platforms such as Qualys, Wiz, or comparable enterprise vulnerability management tools.
  • External attack surface management tools, exposure monitoring platforms, and internet-facing asset discovery workflows.
  • Cloud and container environments, including AWS, Azure, GCP, Kubernetes, container image lifecycle management, and cloud workload security fundamentals.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Related jobs

Other jobs at LanceSoft, Inc.

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.