Cyber Operations Threat Exposure Management Analyst

Cyber Operations Threat Exposure Management Analyst
6+ month contract
McKinney, TX (Hybrid)

Role Summary
We are seeking a Cyber Operations Threat Exposure Management Analyst contractor to support the review, validation, prioritization, and tracking of findings from our Threat Exposure Management platform, such as Nagomi, along with other security tools.
This role will help reduce security risk by weeding through large volumes of exposure findings, identifying what is truly actionable, eliminating noise, validating impacted assets, and working with internal teams to drive remediation.
The ideal candidate has strong cyber operations experience, understands vulnerability and exposure management, and can separate real business risk from low-value alerts.

Key Responsibilities
Review and triage findings from Threat Exposure Management platforms, including Nagomi or similar tools.
Validate findings to determine whether they are accurate, actionable, duplicate, accepted risk, or false positives.
Prioritize exposures based on exploitability, asset criticality, business impact, compensating controls, and likelihood of attack.
Correlate exposure findings across multiple tools such as vulnerability management, EDR, identity, email security, cloud security, external attack surface, and network security platforms.
Create clear, actionable remediation tasks for infrastructure, endpoint, identity, cloud, and application teams.
Track remediation progress and follow up with asset owners until findings are resolved, mitigated, or risk accepted.
Document analysis notes, ownership, risk rationale, and recommended next steps within the exposure management workflow.
Identify trends in recurring findings and recommend process improvements to reduce repeat exposure.
Assist with executive and operational reporting, including exposure status, aging, remediation progress, risk reduction, and high-priority findings.
Support Cyber Operations with prioritization of findings tied to active threats, known exploited vulnerabilities, misconfigurations, identity risks, and internet-facing exposure.
Partner with internal teams to clarify technical findings and help translate them into business-relevant risk.

Required Skills and Experience
3+ years of experience in cyber operations, vulnerability management, threat exposure management, security operations, or related security roles.
Experience reviewing and prioritizing security findings from enterprise security platforms.
Strong understanding of vulnerabilities, CVEs, misconfigurations, attack paths, exposed services, identity risks, and asset criticality.
Ability to determine whether a finding represents real risk or operational noise.
Experience working with remediation owners across infrastructure, endpoint, cloud, network, and identity teams.
Strong analytical and documentation skills.
Ability to communicate technical risk in a clear, simple, and actionable way.
Experience using ticketing or workflow platforms to track remediation activity.
Comfortable working independently and managing large volumes of findings.

Preferred Experience
Experience with Nagomi or similar Threat Exposure Management / Continuous Threat Exposure Management platforms.
Experience with tools such as CrowdStrike, Zscaler, Wiz, Tenable, Qualys, Rapid7, Microsoft Defender, ServiceNow, Jira, or similar platforms.
Understanding of MITRE ATT&CK, KEV catalog, exploitability scoring, asset criticality, and risk-based vulnerability management.
Experience supporting SOC, Cyber Operations, or Cyber Engineering teams.
Familiarity with cloud, identity, endpoint, email, and network security findings.

Key Deliverables
Validated and prioritized exposure findings.
Cleaned-up finding backlog with duplicates, false positives, and low-value noise removed.
Actionable remediation tickets assigned to the correct owners.
Weekly status reporting on high-risk exposures, aging items, blockers, and remediation progress.
Documentation of triage decisions, risk rationale, and remediation recommendations.
Improved process for managing and escalating exposure findings.

Success Measures
Reduction in unresolved high-risk exposure findings.
Improved accuracy and quality of findings routed to remediation teams.
Decrease in duplicate, false positive, or low-value tickets.
Improved visibility into exposure aging, ownership, and remediation blockers.
Faster identification and escalation of exposures tied to active threats or critical business risk.

Ideal Candidate
The ideal candidate is detail-oriented, security-minded, and comfortable digging through noisy data to find the findings that truly matter. This person should be able to think like an attacker, understand business risk, and help Cyber Operations focus remediation efforts on the exposures most likely to impact the organization.



Estimated Min Rate: $45.50
Estimated Max Rate: $65.00


What s In It for You?
We welcome you to be a part of the largest and legendary global staffing companies to meet your career aspirations. Yoh s network of client companies has been employing professionals like you for over 65 years in the U.S., UK and Canada. Join Yoh s extensive talent community that will provide you with access to Yoh s vast network of opportunities and gain access to this exclusive opportunity available to you. Benefit eligibility is in accordance with applicable laws and client requirements. Benefits include:

• Medical, Prescription, Dental & Vision Benefits (for employees working 20+ hours per week)
• Health Savings Account (HSA) (for employees working 20+ hours per week)
• Life & Disability Insurance (for employees working 20+ hours per week)
• MetLife Voluntary Benefits
• Employee Assistance Program (EAP)
• 401K Retirement Savings Plan
• Direct Deposit & weekly epayroll
• Referral Bonus Programs
• Certification and training opportunities

Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.

Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Visit ;/strong> to contact us if you are an individual with a disability and require accommodation in the application process.

For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship potentially resulting in the withdrawal of a conditional offer of employment.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

By applying and submitting your resume, you authorize Yoh to review and reformat your resume to meet Yoh s hiring clients preferences. To learn more about Yoh s privacy practices, please see our Candidate Privacy Notice: ;/strong>