VMCA Analyst

We are looking for VMCA Analyst - Hybrid for our client in Boston MA 02210.

Job Title: VMCA Analyst

Job Location: Boston MA 02210

Job Type: Contract

Job Overview:

Pay Range: $57.03 - $62.06

Requirement/Must Have:

• 1+ years of experience with enterprise scanning platforms (e.g., Qualys, Wiz, Tenable, Rapid7) to identify, assess, and track vulnerabilities across endpoints, servers, and cloud services.
• Strong understanding of CVSS scoring, exploitability, and threat context (e.g., MITRE ATT&CK) to prioritize vulnerabilities based on risk and business impact.
• Experience assessing and validating secure configurations using automated compliance tools and aligning controls to frameworks such as CIS, NIST, ISO, and PCI-DSS.
• Ability to analyze large datasets to identify trends, anomalies, and risk concentrations, and to develop dashboards and reporting (e.g., Tableau) for technical and executive audiences.
• Knowledge of cloud platforms (AWS, Azure, Google Cloud Platform), container environments, and hybrid infrastructure, including associated vulnerability and configuration risks.
• Experience integrating vulnerability and configuration data into enterprise platforms such as SIEM, GRC, and ticketing systems to support governance and operational workflows.

Responsibilities:

• Drive visibility into vulnerabilities and misconfigurations, ensuring alignment with secure baseline standards, and enabling risk-informed remediation across on-premises, cloud, and hybrid environments.
• Leverage enterprise security tools and data analytics to assess vulnerabilities, monitor configuration compliance, and provide actionable insights that strengthen the organization s overall security posture.
• Analyze scan results, prioritize remediation efforts based on risk and exploitability, and implement compensating controls where necessary.
• Work closely with cross-functional teams including Infrastructure, Cloud, Engineering, and Business Information Security Officers (BISOs) to ensure that vulnerabilities are effectively remediated and configuration standards are consistently applied.
• Support governance, audit readiness, and executive reporting by delivering clear, accurate, and actionable risk metrics and insights.

Skills:

• Risk-Based Decision Making: Ability to evaluate vulnerabilities and misconfigurations based on risk, exploitability, and business impact, enabling effective prioritization and remediation strategies.
• Analytical Thinking & Problem Solving: Strong capability to analyze complex security data, identify trends and root causes, and translate findings into actionable insights.
• Attention to Detail & Audit Readiness: High level of accuracy in validating vulnerability data, configuration compliance, and exception handling, ensuring outputs are audit-ready and defensible.
• Communication & Executive Reporting: Ability to clearly articulate technical risks and remediation status to both technical teams and senior leadership, supporting informed decision-making.
• Collaboration & Influence: Proven ability to work across cross-functional teams to drive remediation, enforce security standards, and improve overall security posture.
• Operational Ownership & Continuous Improvement: Proactive mindset focused on enhancing vulnerability management processes, reducing risk exposure, and improving control effectiveness across the enterprise.

Qualification And Education:

• Bachelor's Degree in a relevant field.