Coalfire · 12 hours ago
Vulnerability Analyst
United States
Full-time
Remote
Mid Level
$78K/yr - $135K/yr
3+ years expCoalfire is a cybersecurity company dedicated to solving complex security challenges for its clients. The Vulnerability Analyst will manage vulnerability management processes, ensuring compliance and security in cloud-based environments while collaborating with various teams to integrate vulnerability management into CI/CD pipelines.
Information Technology & Services
Responsibilities
Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders
Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks
Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries
Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments
Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed
Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms
Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture
Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation
Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients
Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures
Qualification
Required
3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management
Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP
Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting
Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams
Administrator-level certification in AWS, Azure, or GCP
Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including ability to assess attack surfaces and recommend cloud-native remediation approaches
Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks
Understanding of NIST 800-53 security controls, particularly RA-5, SI-2, CM-6, and how continuous monitoring supports control implementation
Experience with STIG benchmarks and automated compliance scanning tools (SCAP, SCC)
Familiarity with baseline configuration standards (CIS Benchmarks, vendor hardening guides) and compliance posture reporting
Ability to distinguish false positives from true vulnerabilities and articulate risk-based justifications for deviation requests
Proficiency in scripting languages (Python, PowerShell, Bash) for task automation, report generation, and remediation workflows
Strong client-facing communication and documentation skills, with ability to present technical findings to federal stakeholders and produce timely compliance reports
Ability to work efficiently with cross-functional technical teams to investigate, prioritize, and coordinate vulnerability remediation efforts
Bachelor's degree or equivalent work experience
Preferred
Security-focused cloud certifications for AWS, Azure, or GCP
CISSP
Familiarity with container security scanning tools (Trivy, Anchore, Snyk) and Kubernetes security postures
Knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools
Familiarity with CI/CD security integration patterns and DevSecOps toolchains
Benefits
Paid parental leave
Flexible time off
Certification and training reimbursement
Digital mental health and wellbeing support membership
Comprehensive insurance options
Company
Coalfire
Coalfire is the premier Cybersecurity and Compliance Services leader for the tech, healthcare, and finance industries.
Founded in 2001Chicago, Illinois, US
1001-5000 employees
H1B Sponsorship
Coalfire has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (3)
2024 (4)
2023 (3)
2022 (6)
2021 (2)
2020 (4)
Funding
Current Stage
Late StageLeadership Team
Tom McAndrew
CEO
Merri Chandler
Chief Financial Officer
Company data provided by crunchbase