Coalfire · 3 months ago
Vulnerability Analyst
Coalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges. They are seeking a Vulnerability Analyst to support and maintain enterprise vulnerability management tools, ensuring compliance and security in cloud-based environments.
Information Technology & Services
Responsibilities
Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams (for example, SRE and client administrators) to create tickets for remediation
Track and document vendor dependencies, operational requirements, and open vulnerabilities on a monthly basis, producing clear reports and updates for clients
Provide risk-based recommendations to address identified vulnerabilities, aligning remediation efforts with compliance obligations
Collaborate with cross-functional technical teams to integrate vulnerability management processes within cloud environments (AWS, Azure, GCP)
Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures
Participate in security assessment and authorization activities, ensuring alignment with frameworks such as FedRAMP, HITRUST, PCI, or similar
Qualifications
Required
3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management
Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP
Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting
Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams
Basic administrative understanding of AWS, Azure, or GCP
Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS)
Effective communication, organizational, and documentation skills, with an emphasis on providing timely updates and clear reports to clients
Ability to work efficiently with technical teams to investigate, prioritize, and remediate vulnerabilities
Proficiency in scripting languages such as Python or PowerShell for task automation
Familiarity with defining baseline configuration standards (for example, CIS Benchmarks) and reporting on compliance posture
Preferred
Administrator-level certification in AWS, Azure, or GCP
Security-focused cloud certifications for AWS, Azure, or GCP
Security+
CISSP
Benefits
Paid parental leave
Flexible time off
Certification and training reimbursement
Digital mental health and wellbeing support membership
Comprehensive insurance options
Company
Coalfire
Coalfire is the premier Cybersecurity and Compliance Services leader for the tech, healthcare, and finance industries.
H1B Sponsorship
Coalfire has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (3)
2024 (4)
2023 (3)
2022 (6)
2021 (2)
2020 (4)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase