Vulnerability Management Analyst

Description

Our Company:

At red violet, we build proprietary technologies and apply analytical capabilities to deliver identity intelligence. Our technology powers critical solutions, which empower organizations to operate with confidence. Our solutions enable the real-time identification and location of people, businesses, assets and their interrelationships. These solutions are used for purposes including risk mitigation, due diligence, fraud detection and prevention, regulatory compliance, and customer acquisition. Our intelligent platform, CORE™, is purpose-built for the enterprise, yet flexible enough for organizations of all sizes, bringing clarity to massive datasets by transforming data into intelligence. Our solutions are used today to enable frictionless commerce, to ensure safety, and to reduce fraud and the concomitant expense borne by society.  

The Role:

The Vulnerability Management Analyst is responsible for maintaining and improving the security posture of always-on production and non-production systems. As part of the Information Security team, this role will collaborate with Cloud Operations, Cloud Engineering, Development, IT and Security Engineering to ensure timely vulnerability remediation and security patching across various environments. This position requires a proactive approach to threat mitigation and security best practices while leveraging automation and security tooling.

What You Will Do:

• Analyze and prioritize vulnerability reports to ensure timely remediation of security risks across multiple operating systems and environments.
• Partner with security and cloud teams to apply security patches and configurations both manually and through automated processes.
• Enhance security automation by integrating vulnerability management into CI/CD pipelines, Infrastructure as Code, Static Application Security Testing, Dynamic Application Security Testing, and configuration management tools.
• Develop and maintain security documentation, including technical procedures and remediation playbooks.
• Collaborate with cross-functional teams to improve vulnerability management processes and ensure security best practices are followed.
• Participate in knowledge sharing within the Information Security team, helping to improve security awareness and response capabilities.
• Maintain and improve the vulnerability management lifecycle, including asset inventory integration and scan coverage validation.
• Collaborate with Cloud Operations, Development and Infrastructure teams to validate fixes and implement compensating controls where needed.
• Monitor external threat intelligence sources and evaluate potential impact to the organization’s environment.
• Generate and present vulnerability metrics and risk reports for various stakeholders, including dashboards and executive summaries.
• Support regulatory and compliance initiatives (e.g., PCI, SOC2, NIST, ISO 27001) by maintaining evidence of vulnerability management practices.
• Participate in the development of policies, standards, and procedures related to vulnerability management and secure configuration.
• Contribute to red team/blue team exercises and incident response processes when vulnerabilities are exploited or leveraged in attack paths.

What You Bring:

• 1-3 years of hands-on experience in vulnerability management, IT security, or related areas.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field — or equivalent experience.
• Hands-on experience with vulnerability management tools and remediation strategies across Linux and Windows environments.
• Familiarity with automation tools, to streamline security patching.
• Fundamental understanding of cloud security within Amazon Web Services, including IAM, EC2, S3, VPC, and other security-related services.
• Strong analytical skills to assess vulnerabilities, determine impact, and drive remediation efforts.
• Knowledge of CVSS, MITRE ATT&CK, CWE, and vulnerability databases (NVD, ExploitDB, etc.).
• Excellent communication skills, with the ability to articulate security risks and remediation strategies to both technical and non-technical stakeholders.
• A proactive mindset with a passion for security, continuous learning, and staying updated on emerging threats and best practices.
• Experience with container security tools and agentless cloud security solutions.
• Security certifications such as CompTIA Security+, GIAC GSEC, GCIH, GMON, or OSCP. 
• Applicants must have permanent work authorization in the U.S.; we are not sponsoring visas for this role. 

What We Offer:

red violet offers excellent benefits including opportunity for stock (RSU) grants, a 401K and generous company match, flexible PTO policy, medical, dental and vision coverage, commuter benefits, in-office healthy snacks, team events and more.

red violet is proud to be an Equal Opportunity Employer.