[Remote] Vulnerability Management Analyst

Note: The job is a remote job and is open to candidates in USA. Connexus Credit Union is a member-focused cooperative serving members across all 50 states. They are seeking a Vulnerability Management Analyst to conduct vulnerability scans, analyze results, prioritize vulnerabilities, and ensure compliance with regulatory guidance while collaborating with various teams to remediate identified risks.

Responsibilities

• Conduct regular vulnerability scanning of networks, servers, endpoints, cloud environments, and applications using approved tools
• Analyze scan results to identify false positives, determine exploitability, and assess business and regulatory risk
• Prioritize vulnerabilities based on CVSS scores, threat intelligence, asset criticality, and financial institution risk impact
• Track vulnerabilities through remediation, validation, and closure using ticketing or governance platforms
• Perform re-scans to validate remediation effectiveness
• Ensure vulnerability management practices align with, FFIEC Cybersecurity Assessment Tool (CAT), NCUA or banking regulatory guidance, GLBA Safeguards Rule and Internal Information Security and Risk Management policies
• Prepare documentation, metrics, and evidence for internal audits, regulatory exams, and third-party assessments
• Support risk acceptance decisions by documenting compensating controls and residual risk
• Partner with IT infrastructure, application development, cloud, and network teams to remediate identified risks
• Translate technical vulnerabilities into clear business risk language for leadership and non-technical stakeholders
• Provide guidance on secure configuration, patching, and vulnerability mitigation strategies
• Participate in security incident response activities when vulnerabilities are exploited or pose imminent risk
• Monitor emerging threats, zero-day vulnerabilities, and industry advisories relevant to financial services
• Contribute to vulnerability management policies, standards, and procedures
• Assist with penetration testing coordination and result analysis
• Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with required frameworks
• Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries
• Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments
• Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture
• Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
• Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation
• Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates
• Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures
• Run the daily vulnerability management program operations, work closely with the patch management analyst in identifying and patching vulnerabilities, and actively participate in weekly vulnerability management team meetings
• Comply with all Federal Regulations as they pertain to your job duties, including BSA

Skills

• Bachelor's degree in Information Security, Computer Science, Information Technology or commensurate experience is Required
• 3+ years professional work experience in vulnerability management, security operations, or IT risk within a regulated environment is Required
• Prior financial industry regulations and frameworks (FFIEC, NCUA, GLBA, NIST) is Required
• Hands-on experience with vulnerability scanning tools, such as: Tenable (Nessus, Tenable.io), Qualys, Rapid7 or similar platforms is Required
• Strong understanding of, network, operating system, and application vulnerabilities, patch management processes, and secure configuration standards (CIS Benchmarks) is Required
• Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks is Required
• Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams is Required
• The GIAC (GSEC or GEVA) certification is preferred upon hire although required to be completed within 6 months of hire

Benefits

• 25 days of paid time off and 10 paid holidays
• 16 hours of paid Volunteer Time Off
• 401K Retirement with up to 6% employer match
• Excellent Health, Dental, Vision insurance, including multiple plan options
• Health Savings Account with generous employer contributions
• Employer paid Life insurance, Short-Term and Long-Term Disability
• Tuition Reimbursement from $4,000 - $7,000 per calendar year
• Robust Learning and Development program that includes an annual professional development stipend

Company Overview