Vulnerability Management and Configuration Assurance (VMCA) Analyst

Hybrid in Boston, MA, US • Posted 1 day ago • Updated 1 day ago
Contract W2
9 Months
Hybrid
$60 - $68/hr

Job Details

Skills

  • Vulnerability Management
  • Configuration Assurance
  • CVSS
  • MITRE
  • NIST
  • AWS

Summary

This is a 9-month contract-to-hire and needs to meet Client full-time conversion policies. Those dependent on a work permit sponsor now or anytime in the future (i.e., H1B, OPT, CPT, etc.) do not meet Client requirements for this opening.

Hybrid work schedule in either Boston or Springfield, Massachusetts

**MUST BE W2; No Corp-to-Corp**

The Vulnerability Management and Configuration Assurance (VMCA) Analyst plays a critical role in identifying, assessing, and reducing cyber risk across the enterprise by delivering effective vulnerability management and configuration assurance capabilities. This role is responsible for driving visibility into vulnerabilities and misconfigurations, ensuring alignment with secure baseline standards, and enabling risk-informed remediation across on-premises, cloud, and hybrid environments.

The analyst leverages enterprise security tools and data analytics to assess vulnerabilities, monitor configuration compliance, and provide actionable insights that strengthen the organization's overall security posture. This includes analyzing scan results, prioritizing remediation efforts based on risk and exploitability, and implementing compensating controls where necessary.

Working closely with cross-functional teams, including Infrastructure, Cloud, Engineering, and Business Information Security Officers (BISOs), the VMCA Analyst ensures that vulnerabilities are effectively remediated and configuration standards are consistently applied. The role also supports governance, audit readiness, and executive reporting by delivering clear, accurate, and actionable risk metrics and insights.

Vulnerability Management Tools: Hands-on experience with enterprise scanning platforms (e.g., Qualys, Wiz, Tenable, Rapid7) to identify, assess, and track vulnerabilities across endpoints, servers, and cloud services.

Risk-Based Vulnerability Analysis: Strong understanding of CVSS scoring, exploitability, and threat context (e.g., MITRE ATT&CK) to prioritize vulnerabilities based on risk and business impact.

Configuration Assurance & Compliance: Experience assessing and validating secure configurations using automated compliance tools and aligning controls to frameworks such as CIS, NIST, ISO, and PCI-DSS.

Data Analytics & Visualization: Ability to analyze large datasets to identify trends, anomalies, and risk concentrations, and to develop dashboards and reporting (e.g., Tableau) for technical and executive audiences.

Cloud & Platform Security: Knowledge of cloud platforms (AWS, Azure, Google Cloud Platform), container environments, and hybrid infrastructure, including associated vulnerability and configuration risks.

Security Tool Integration: Experience integrating vulnerability and configuration data into enterprise platforms such as SIEM, GRC, and ticketing systems to support governance and operational workflows.

Core Strengths

Risk-Based Decision Making: Ability to evaluate vulnerabilities and misconfigurations based on risk, exploitability, and business impact, enabling effective prioritization and remediation strategies.

Analytical Thinking & Problem Solving: Strong capability to analyze complex security data, identify trends and root causes, and translate findings into actionable insights.

Attention to Detail & Audit Readiness: High level of accuracy in validating vulnerability data, configuration compliance, and exception handling, ensuring outputs are audit-ready and defensible.

Communication & Executive Reporting: Ability to clearly articulate technical risks and remediation status to both technical teams and senior leadership, supporting informed decision-making.

Collaboration & Influence: Proven ability to work across cross-functional teams to drive remediation, enforce security standards, and improve overall security posture.

Operational Ownership & Continuous Improvement: Proactive mindset focused on enhancing vulnerability management processes, reducing risk exposure, and improving control effectiveness across the enterprise.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10125560
  • Position Id: 8989604
Contact the job poster
Kevin Albano

Recruiter @ Albano Systems Inc