Security Vulnerability Analyst (StateRAMP/FedRAMP)

Overview

Remote
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - 12 Month(s)

Skills

FedRAMP
StateRAMP
Vulnerability Management

Job Details

Title: Security Vulnerability Analyst (StateRAMP/FedRAMP)

Location: Remote

Duration: 12 Months+

Position Overview:

We are seeking a detail-oriented and proactive technical individual to support vulnerability monitoring and remediation efforts across client Catalyst environments in StateRAMP, FedRAMP, and Commercial accounts.

This role is critical to maintaining our security posture and ensuring compliance with StateRAMP, FedRAMP, SOC-2 and our internal client ATO (Authority To Operate) process.

The contractor will work closely with the Catalyst Site Reliability Engineering team to identify, assess, and remediate vulnerabilities using a variety of tools. The ideal candidate will have hands-on experience with Linux-based operating systems, AWS services and vulnerability management tools.

Position Duties:

  • Monitor vulnerabilities using JIRA and vulnerability management tools such as, but not limited to, Qualys VMDR/WAS/PC, Insight Cloud Sec, CheckMarx, Nexus IQ
      • It may be necessary to manually run reports to verify that remediation efforts were successful
  • Ensure compute replacement and patching processes are working as expected; monitor and remediate any issues with:
      • Automated Lambda assigning latest AMI IDs
      • Automated Auto-Scaling Group EC2 replacement via scheduled scaling or instance refresh
      • Automated Patch Management for long-running non-ephemeral instances
  • Review reports for failures; identify and remediate issues
  • Review AWS maintenance window for failure details; resolve/test/commit changes as needed
  • Manually update AWS EKS AMI assignment and nodegroup replacement; will automate process in the future
  • Assist with software deployments and upgrades. These may include, but are not limited to:
      • Client application upgrades
      • Unmanaged third-party application upgrades
      • Managed AWS service (RDS, MSK, etc.) upgrades
  • Remediate vulnerabilities within SLA (Service Level Agreement) guidelines
      • Manually remediate vulnerabilities that aren't addressed with automated processes above
      • Delegate Qualys WAS (DAST), CheckMarx (SAST) and Nexus IQ (SCA) vulnerabilities to development teams in a timely manner
  • Gather evidence to document compliance with certification programs like StateRAMP, FedRAMP, SOC-2 and Sovlentum's ATO (Authority To Operate)

Skills:

Basic Qualifications:

  • Bachelor's degree in computer science or similar; otherwise 6+ years of IT experience

Technical Experience

  • Proficiency in AWS services: EC2, EKS, ASG, Lambda, RDS, MSK
  • Linux operating system administration and package management

Security & Compliance Knowledge

  • Understanding of vulnerability remediation workflows
  • Familiarity with compliance frameworks: StateRAMP, FedRAMP, SOC-2
  • Ability to interpret and act on vulnerability reports

Preferred Qualifications:

  • Hands-on experience with vulnerability management tools like Qualys VMDR, WAS, PC; CheckMarx; Nexus IQ; Insight Cloud Sec
  • Currently or previously held FedRAMP clearance, or the ability to pass a background check to work in a FedRAMP environment


About Javen Technologies, Inc