100% Remote - Cybersecurity Risk Analyst

Position Overview:

We are seeking a Cybersecurity Risk Analyst to support enterprise wide cyber risk reduction and vulnerability remediation initiatives across a complex multi company utility environment. This individual will play a key role in identifying elevated security risks, coordinating remediation activities, tracking vulnerability trends, and partnering with infrastructure and endpoint teams to improve overall cybersecurity posture.

This is a highly cross functional role requiring both technical aptitude and strong coordination and project management capabilities. The ideal candidate understands vulnerability management processes, can navigate security and infrastructure tooling, and is comfortable driving accountability and follow up across multiple technical teams.

The position will focus heavily on Rapid7 Nexpose analysis, remediation coordination, asset risk tracking, endpoint patching visibility, and vulnerability KPI improvement efforts.

Responsibilities:

• Monitor enterprise vulnerability dashboards and identify newly introduced elevated risks and high risk assets
• Analyze Rapid7 Nexpose findings, vulnerability trends, and average risk per asset metrics
• Coordinate remediation activities with infrastructure, endpoint, server, and application teams
• Track remediation commitments and ensure timely follow through on identified risks
• Assist with enterprise vulnerability reduction initiatives tied to executive level KPI objectives
• Investigate recurring vulnerability patterns and identify opportunities for remediation optimization
• Partner with endpoint and infrastructure teams to improve patch compliance and vulnerability metrics
• Identify systems with patching gaps, stale vulnerabilities, or configuration issues impacting risk scores
• Work with business users and technical teams to coordinate remediation for devices not regularly connected to the corporate network
• Document remediation guidance and provide vulnerability context to asset owners
• Utilize internal dashboards, reporting tools, and internal security platforms to support risk analysis activities
• Participate in daily operational standups and ongoing remediation planning sessions
• Escalate unresolved or high priority remediation blockers as needed
• Support short term surge efforts related to elevated enterprise vulnerability risk levels
• Contribute to continuous process improvement within vulnerability and risk management operations

Qualifications:

Required Qualifications

• 5 or more years of experience in cybersecurity, vulnerability management, infrastructure operations, or technical risk management
• Hands on experience with vulnerability management platforms such as Rapid7 Nexpose, InsightVM, Qualys, Tenable, or similar tools
• Strong understanding of vulnerability remediation processes, patch management, and endpoint and server infrastructure
• Experience coordinating technical remediation efforts across multiple IT teams
• Ability to analyze vulnerability data and prioritize remediation activities based on business risk
• Strong organizational skills with the ability to manage follow up, remediation tracking, and action items
• Excellent communication and stakeholder coordination skills
• Experience working in enterprise IT environments with multiple business units or affiliates
• Ability to work independently in a fast paced operational environment

Preferred Qualifications

• Experience with SCCM or Microsoft Endpoint Configuration Manager
• Familiarity with patch compliance reporting and endpoint management
• Understanding of vulnerability scoring methodologies and risk prioritization
• Experience supporting cybersecurity KPI or compliance driven initiatives
• Exposure to ISMS, ISO 27001, or enterprise security governance programs
• Utility, energy, or other regulated industry experience preferred
• Experience using dashboards, reporting platforms, or internally developed security tooling
• Background in technical project coordination or infrastructure operations

Tools and Technologies:

• Rapid7 Nexpose and InsightVM
• SCCM and MECM
• Enterprise vulnerability dashboards
• Internal security reporting tools
• Endpoint patching and infrastructure platforms
• Microsoft ecosystem technologies
• Security and risk management workflows