IT Security Specialist III - Vulnerability Management Analyst

Immediate need for a talented IT Security Specialist III - Vulnerability Management Analyst. This is a 07+ Months Contract opportunity with long-term potential and is located in US (Remote). Please review the job description below and contact me ASAP if you are interested.

Job ID:26-01435

Pay Range: $40 - $45/hour.  Employee benefits include, but are not limited to, health insurance (medical, dental, vision), 401(k) plan, and paid sick leave (depending on work location).
 
Key Responsibilities:

• Lifecycle Management: Full vulnerability lifecycle—discovery, triage, prioritization, coordination for remediation, and validation.
• Scanning: Schedule and manage automated scans (90% automated), ensure proper configuration and permissions.
• Collaboration: Work closely with infrastructure and application teams to assist with remediation and clarify requirements.
• Automation: Enhance automation of processes beyond scanning (e.g., API integrations between platforms).
• Platform Administration: Maintain and administer vulnerability management platforms, ensuring reports are accurate and distributed.
• Reporting: Send weekly/monthly vulnerability reports and participate in stakeholder calls to explain findings.
• Communication: Translate technical risk into understandable terms for non-technical audiences.
• Manage the life cycle of vulnerabilities from discovery, triage, prioritizing, advising, remediation, and validation.
• Improve and automate the existing vulnerability management lifecycle. Maintain and administer vulnerability management platforms.
• Work with the business teams to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
• Perform recurring and on-demand scanning activities of both corporate and cloud environments utilizing the enterprise platform.
• Provide support and resolution for scanning and vulnerability remediation reporting issues. Send out weekly and monthly vulnerability reports to the various teams.
• Ability to assess newly identified vulnerabilities, determine exposure, investigate solutions, and recommend controls to minimize risks that could arise.
• Ability to create effective reports and presentations tailored to different audiences to ensure transparency and understanding of the program.
• Ability to troubleshoot issues with credentialed network scans and vulnerability assessment issues with system administrators.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• Ability to effectively communicate risk, including corrective action plans/recommendations to non-technical audiences.
• Ability to build operational processes using industry best practices that are tailored to organization, system, and processes.
• Top priorities: Infrastructure Vulnerability Management, Web App Scanning, then Cloud Security Posture and External Attack Surface Management.
• Automation is critical—the candidate should be able to script and integrate tools, but not for remediation tasks (focus is on process automation).
• Effective communication and the ability to handle large data sets are essential.

Key Requirements and Technology Experience:

• Must have skills: - Must have experience in Infrastructure Vulnerability Management; Web Application Scanning (WAS), Cloud Security Posture Management (CSPM), External Attack Surface Management (EASM), Scans Automation.
• Minimum 3 to 7 years of relevant experience.
• Strong knowledge of cyber threats and vulnerabilities.
• Experience in automation (Python, PowerShell, Power Automate, etc. | Ability to work with APIs for process automation).
• Must have experience with the following platforms – Infrastructure Vulnerability Management (VM), Web Application Scanning (WAS).
• Skill in conducting vulnerability scans and recognizing vulnerabilities/misconfigurations in security systems and web applications. Skill in conducting application vulnerability assessments.
• Analyze large datasets to identify trends, prioritize impactful vulnerabilities, and reduce noise often associated with vulnerability tools.
• Stays up to date with current vulnerabilities and vulnerabilities related news in various industries.
• Demonstrated strong knowledge of networks, desktops, servers, cloud, and software as a service technology.
• Cloud Knowledge: Any major cloud provider (AWS, Azure, etc.) acceptable; focus is on posture/configuration management.
• Preferred Tools: Tenable, Qualys, Rapid7, CrowdStrike (vendor-specific experience not required).
• Unified Vulnerability Management (UVM): Nice-to-have, not mandatory. No preference for specific platforms.
• Industry Experience: Helpful if the candidate understands manufacturing/Client environments but not required.
• Experience Level: Targeting Level III (3–7 years), no upper limit; certifications helpful but not mandatory.
• Work Conditions: Fully remote, must work 9 AM–5 PM EST. No on-call duties. Occasional “all hands” overtime possible.
• A bachelor’s degree is preferred, but not a hard requirement.
• Working Conditions: Normal corporate office environment.
• Must be able to work 9am – 5pm EST. Occasionally might need for all hands-on deck for OT.

Our client is a leading Food and Beverage Manufacturing Industry and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration.
 
Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy .