Cybersecurity Vulnerability Management Analyst (Remote | Contract)
Location: 100% Remote (U.S.-based candidates only) Duration: May 2026 – August 2026 (Extension Possible) Schedule: Monday–Friday, 8:00 AM – 5:00 PM CST Hours: Up to ~560 hours
Overview
We are seeking an experienced Cybersecurity Vulnerability Management Analyst to support enterprise vulnerability management and remediation efforts in a large, complex environment. This role is focused on end-to-end vulnerability lifecycle management —from baseline establishment and risk prioritization to remediation tracking, validation, and reporting. The ideal candidate will bring strong experience aligning processes with NIST standards , driving accountability across stakeholders, and ensuring timely closure of security risks.
Key Responsibilities
Vulnerability Inventory & Baseline
- Review existing vulnerability data from scans, assessments, and security tools
- Establish and maintain a consolidated vulnerability baseline
- Develop and document remediation timelines based on risk posture and aging
Risk Classification & Prioritization
- Categorize and prioritize vulnerabilities based on severity, exploitability, and business impact
- Align classification methodologies with
NIST guidelines
- Ensure remediation timelines align with defined risk thresholds
Remediation Coordination
- Partner with system, infrastructure, and application owners to drive remediation efforts
- Communicate risk context, expectations, and timelines clearly to stakeholders
- Track remediation progress and identify blockers or dependencies
- Escalate critical or overdue vulnerabilities through appropriate governance channels
Tracking, Metrics & Reporting
- Maintain accurate tracking of vulnerability status across systems
- Produce regular reports on remediation progress, risk exposure, and trends
- Provide visibility into aging vulnerabilities and SLA compliance
Validation & Closure
- Validate remediation through scan results and supporting evidence
- Confirm closure in tracking systems once issues are resolved
- Ensure exceptions or risk acceptances are properly documented and approved
Program Improvement
- Identify gaps in vulnerability management processes
- Recommend improvements aligned with
NIST standards and governance practices
- Support continuous improvement of remediation workflows and accountability
Required Qualifications
- 8+ years
of experience in vulnerability management and remediation
- Strong experience with:
- Vulnerability inventory and baseline establishment
- Risk classification and prioritization frameworks
- Tracking and reporting remediation efforts
- Validation of remediation using scan results or evidence
- Hands-on experience with vulnerability scanning and management tools
- Strong understanding of
NIST-based security frameworks
- Excellent communication and stakeholder coordination skills
Preferred Qualifications
- Experience in large enterprise or public sector environments
- Familiarity with governance, risk, and compliance (GRC) processes
- Strong analytical and reporting capabilities
Work Environment
- 100% remote within the United States
- Standard business hours with occasional off-hours support as needed
- No travel required unless pre-approved