Information Security Analyst/Administrator

The Vulnerability Management Analyst is responsible for overseeing and coordinating vulnerability management activities across the enterprise. This role analyzes and interprets vulnerability assessment results, supports automated security scanning, and collaborates with application, infrastructure, and operations teams to ensure timely remediation. While the role is technical in nature, it does not perform direct remediation.

Key Responsibilities

• Monitor, analyze, and report vulnerability assessment data to identify and communicate technical risks
• Support identification, classification, and impact analysis of newly discovered vulnerabilities
• Execute and support vulnerability assessments, penetration testing, and social engineering activities
• Review and interpret application security scan results with an understanding of underlying code structures
• Provide post-development testing support to validate vulnerability remediation efforts
• Track, coordinate, and facilitate remediation activities across multiple teams
• Ensure timely closure of security gaps in collaboration with application, infrastructure, and operations teams
• Analyze and aggregate vulnerability data from multiple tools and platforms
• Manage and utilize security tools such as DLP, code scanners, and external security profiling tools
• Participate in the IT SDLC to ensure security is embedded by design and default
• Provide insights on emerging cyber threats, including threat actor tactics, techniques, and procedures
• Support regulatory, audit, and compliance efforts, including vulnerability-related inquiries
• Brief Information Security leadership on vulnerability findings, risks, and trends
• Collaborate cross-functionally to improve overall security posture
• Continuously develop knowledge and skills to support Information Security objectives

• Bachelor s degree in Computer Science, Information Technology, or equivalent experience
• 3+ years of experience in IT, Information Security, or Compliance
• Experience with security and compliance standards such as SOC 1/2, ISO 27001/27002, PCI DSS, HITRUST, NIST, and SANS
• Experience implementing compliance frameworks in regulated or financial services environments
• Strong understanding of enterprise IT systems and security tools
• Ability to interpret application structures and code approaches at a high level
• Strong analytical, problem-solving, project management, and communication skills
• Ability to work collaboratively across business and technical teams

• Security certifications such as CISSP, CISM, GIAC, PCI DSS, CHPSE, or similar
• Experience in healthcare or health insurance environments
• Knowledge of HIPAA, CMS, and related vendor security requirements
• Familiarity with Security SDLC tools and processes

• Successful completion of background and compliance screenings prior to placement and periodically thereafter
• Completion of mandatory security and compliance training within the first few weeks of assignment