Vulnerability Management Analyst
Job description
TL;DR
Vulnerability Management Analyst (Cybersecurity): Triage, prioritize, and manage the full lifecycle of vulnerabilities across cloud-native and containerized environments, with an emphasis on risk-based assessment beyond CVSS, AWS remediation, and threat-informed prioritization. Focus on automating vulnerability workflows and reporting for security posture and compliance evidence (SOC2, ISO 27001, FedRAMP) while partnering with IT, DevOps, and Engineering to reduce organizational risk.
Location: United States
Salary: $71,500 - $120,478 (USD, US-based employees)
Company
builds security solutions and helps protect production environments through vulnerability and threat management.
What you will do
- Analyze and prioritize vulnerabilities in cloud infrastructure, containerized environments, enterprise infrastructure, and applications using a risk-based framework beyond CVSS.
- Partner with DevOps and Engineering to identify and remediate vulnerabilities and misconfigurations in AWS.
- Drive remediation by explaining risk, dependencies, and context to help teams fix issues efficiently.
- Automate and improve vulnerability management workflows by supporting data ingestion, reporting, and integrations (e.g., Jira, Slack) using Python or PowerShell.
- Develop vulnerability management metrics and provide evidence for compliance and audits (SOC2, ISO 27001, FedRAMP).
- Maintain awareness of the threat landscape, including new attack techniques and actively exploited vulnerabilities, to inform prioritization.
Requirements
- Strong hands-on cloud security experience, particularly AWS, including EC2 and container technologies such as Kubernetes and Docker.
- 2–4 years of experience in vulnerability management, product security, or a similar cybersecurity role.
- Technical understanding of common product security issues (e.g., OWASP Top 10, SSRF, injection flaws) and how they appear in modern multi-cloud architectures.
- Intermediate scripting ability (Python and/or PowerShell) to automate security workflows, reporting, and data analysis.
- Ability to collaborate and influence across a matrixed organization, communicating effectively with technical and non-technical stakeholders.
- Certification requirement: obtain AWS Certified Cloud Practitioner or AWS Certified Security – Specialty within the first year if not already held.
Nice to have
- Experience in penetration testing, product security, or the security research community.
- Certifications such as AWS Certified Security – Specialty, CISSP, CISA, or CySA+.
Culture & Benefits
- Medical, dental, and vision insurance; short-term and long-term disability coverage.
- Life insurance and AD&D, plus supplemental life options.
- Flexible spending accounts (health care and dependent care) and a Health Savings Account (HSA) with employer contribution.
- 401(k) Savings and Investment Plan with company matching.
- Flexible vacation policy, 8 paid holidays annually, and sick leave; paid parental leave.
- Employee Assistance Program (EAP) and additional voluntary benefits (e.g., legal assistance, critical illness, accident, hospital indemnity, pet insurance).
Hiring process
- Review core processes and tools (e.g., Qualys, CrowdStrike), including reporting and ticketing workflows.
- Progress from routine vulnerability management tasks to independent ownership and escalation support over 60/90/6-month milestones.
- Work with Engineering and Compliance partners to resolve remediation issues and improve vulnerability metrics.