Vulnerability Analyst(ServiceNow)

Role: Vulnerability Analyst(ServiceNow)

Location: Austin, TX (Hybrid)

Duration: Long Term

Responsibilities:

Vulnerability Remediation Coordination

• Review, triage, and manage vulnerability remediation assignments within ServiceNow IT Remediation Workspace.
• Coordinate remediation efforts for vulnerabilities that cannot be addressed through normal patch cycles (e.g., emergency, high-risk CVEs, exceptions, or special remediation scenarios).
• Serve as the central point of coordination between Server Operations, Security (CSOC), and other impacted teams throughout the remediation lifecycle.
• Track remediation status, dependencies, and outstanding actions to ensure vulnerabilities progress to closure in accordance with policy and risk priorities.
• Ensure remediation activities align with the Vulnerability Remediation Process and supporting work instructions.

ServiceNow & IT Remediation Workspace

• Create, manage, and update:
• Vulnerability Remediation Tasks (VUL)
• Associated Change Requests
• Related Configuration Items (CIs)
• Ensure accurate documentation of remediation plans, implementation steps, validation outcomes, and rollback plans within ServiceNow records.
• Validate that vulnerability remediation tasks meet ServiceNow process requirements and audit expectations before change submission.
• Coordinate remediation sequencing across multiple server platforms and support teams using ServiceNow workflows and assignment rules.

Change Management & CAB Presentation

• Prepare and submit Normal and Standard Change Requests for vulnerability remediation activities.
• Present vulnerability remediation changes to CAB, clearly articulating:
• Security risk and urgency
• Scope and impacted systems
• Remediation approach
• Testing and validation plans
• Rollback and risk mitigation measures
• Address CAB questions and coordinate follow up actions as needed to secure approval.
• Ensure approved changes are scheduled, communicated, and implemented in alignment with change windows and operational constraints.

Cross Platform Server Support

•  
• Coordinate vulnerability remediation across:
• Windows Server environments
• Linux Server environments (RHEL)
• Citrix server platforms
• Work with platform SMEs to understand remediation requirements and constraints without directly executing patching activities.
• Ensure consistent remediation tracking and reporting across heterogeneous server platforms.

Organization, Tracking & Reporting

•  
• Maintain detailed tracking of:
• Outstanding vulnerabilities
• Change approvals
• Implementation status
• Validation and closure evidence
• Support audit, compliance, and leadership reporting with accurate, up to date remediation metrics and status summaries.
• Identify process gaps, bottlenecks, or recurring issues and recommend improvements to remediation and change workflows.

Qualifications:

Required Qualifications

• 3+ years of experience coordinating server vulnerability remediation activities in an enterprise environment.
• 3+ years of hands-on experience with ServiceNow, including Change Management and IT Remediation Workspace.
• 3+ years of experience working with change management processes, including preparing and presenting changes to a Change Advisory Board (CAB).
• 3+ years of practical experience supporting server platforms, including Windows Server, Linux Server, and Citrix Infrastructure.
• 3+ years of experience managing multiple concurrent remediation efforts with strong organizational and prioritization skills.
• 3+ years of experience demonstrating excellent written and verbal communication skills, particularly for CAB presentations and cross-functional team coordination.

Preferred Qualifications

• 1+ year of experience supporting vulnerability remediation within a government, regulated, or large enterprise environment.
• 1+ year of experience working with vulnerability management workflows involving CSOC, Infrastructure, and Application teams.
• 1+ year of experience coordinating emergency or out-of-band vulnerability remediation activities outside standard patching schedules.
• 1+ year of experience supporting audit, compliance, or security evidence collection related to vulnerability remediation.
• 1+ year of experience ensuring timely remediation of high-risk vulnerabilities and managing approved exceptions.
• 1+ year of experience creating and maintaining high-quality, CAB-approved change records with complete and accurate documentation.
• 1+ year of experience providing clear and auditable tracking of vulnerability remediation activities from assignment through closure.
• 1+ year of experience improving cross-team coordination and reducing remediation delays across Windows, Linux, and Citrix server environments.