Vulnerability Management Analyst

Business Analyst | Full Time | Remote | Mid Level | Team 501-1,000 | Since 2019 | H1B No Sponsor

Location

United States

Posted

8 days ago

Salary

0

Seniority

Mid Level

Job Description

Vulnerability Management Analyst

Connexus Credit Union

Role Description

- Conduct regular vulnerability scanning of networks, servers, endpoints, cloud environments, and applications using approved tools.
- Analyze scan results to identify false positives, determine exploitability, and assess business and regulatory risk.
- Prioritize vulnerabilities based on CVSS scores, threat intelligence, asset criticality, and financial institution risk impact.
- Track vulnerabilities through remediation, validation, and closure using ticketing or governance platforms.
- Perform re-scans to validate remediation effectiveness.
- Ensure vulnerability management practices align with:
  - FFIEC Cybersecurity Assessment Tool (CAT)
  - NCUA or banking regulatory guidance
  - GLBA Safeguards Rule
  - Internal Information Security and Risk Management policies
- Prepare documentation, metrics, and evidence for internal audits, regulatory exams, and third-party assessments.
- Support risk acceptance decisions by documenting compensating controls and residual risk.
- Partner with IT infrastructure, application development, cloud, and network teams to remediate identified risks.
- Translate technical vulnerabilities into clear business risk language for leadership and non-technical stakeholders.
- Provide guidance on secure configuration, patching, and vulnerability mitigation strategies.
- Participate in security incident response activities when vulnerabilities are exploited or pose imminent risk.
- Monitor emerging threats, zero-day vulnerabilities, and industry advisories relevant to financial services.
- Contribute to vulnerability management policies, standards, and procedures.
- Assist with penetration testing coordination and result analysis.
- Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with required frameworks.
- Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries.
- Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments.
- Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture.
- Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches.
- Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation.
- Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates.
- Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures.
- Run the daily vulnerability management program operations, work closely with the patch management analyst in identifying and patching vulnerabilities, and actively participate in weekly vulnerability management team meetings.
- Comply with all Federal Regulations as they pertain to your job duties, including BSA.

Qualifications

- Bachelor's degree in Information Security, Computer Science, Information Technology or commensurate experience is Required.
- 3+ years professional work experience in vulnerability management, security operations, or IT risk within a regulated environment is Required.
- The GIAC (GSEC or GEVA) certification is preferred upon hire although required to be completed within 6 months of hire.
- Prior financial industry regulations and frameworks (FFIEC, NCUA, GLBA, NIST) is Required.
- Hands-on experience with vulnerability scanning tools, such as: Tenable (Nessus, Tenable.io), Qualys, Rapid7 or similar platforms is Required.
- Strong understanding of network, operating system, and application vulnerabilities, patch management processes, and secure configuration standards (CIS Benchmarks) is Required.
- Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks is Required.
- Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams is Required.

Benefits

- 25 days of paid time off and 10 paid holidays
- 16 hours of paid Volunteer Time Off
- 401K Retirement with up to 6% employer match
- Excellent Health, Dental, Vision insurance, including multiple plan options
- Health Savings Account with generous employer contributions
- Employer paid Life insurance, Short-Term and Long-Term Disability
- Tuition Reimbursement from $4,000 - $7,000 per calendar year
- Robust Learning and Development program that includes an annual professional development stipend

More Business Analyst Jobs

Risk Management Analyst

Ibility LLC

Where Innovation Meets Ability

Full Time | Remote | Team 11-50 | H1B No Sponsor

• Review risk management data to identify discrete risk areas and assess overall program and project risk across cost, schedule, and performance dimensions.
• Coordinate with program team members to gather, validate, and analyze risk data and supporting documentation.
• Develop and maintain risk registers, risk matrices, and risk tracking tools for program and project-level use.
• Identify emerging risk areas and escalate significant risks with recommended mitigation strategies to program leadership.
• Create narrative, graphic, and oral status reports communicating risk identification, assessment, and mitigation status to internal and government client audiences.
• Support development and implementation of risk mitigation and contingency plans in coordination with program managers and stakeholders.
• Conduct qualitative and/or quantitative risk assessments using established risk management frameworks and methodologies.
• Monitor and track the status of identified risks and mitigation actions across the program lifecycle.
• Contribute to lessons-learned activities and continuous improvement of risk management processes.
• Prepare and deliver risk briefings, formal reports, and presentations for government clients and senior program leadership.

All locations: District Of Columbia | Washington
Senior Consultant – Business Analyst

Civiteq

Expertise in ERP advisory & delivery, and digital & service transformation for local & central government.

Full Time | Remote | Team 51-200 | Since 2015 | H1B No Sponsor

• Play a pivotal role in helping clients transform their business operations and achieve strategic objectives
• Work closely with clients to understand their challenges, define requirements, and ensure successful delivery of transformation initiatives
• Strong analytical skills, stakeholder engagement, and the ability to turn complex user and business needs into practical, deliverable solutions

United Kingdom
£45K - £60K / year

AI Business Analyst with Prompt Engineering

NATIONMIND LLC

NationMind LLC is a technology consulting firm focused on Technical Engineering, software development, technicians, QA testing and services. We help clients build reliable, scalable applications with a strong emphasis on automation, performance, and quality. Our team works across industries, delivering solutions that drive innovation and operational efficiency.

Role Description

We are seeking an AI Business Analyst with Prompt Engineering experience to support AI-driven business initiatives and enterprise AI operations.

Qualifications

- Strong business analysis experience in AI, IT operations, automation, software delivery, digital transformation, enterprise support, platform enablement, or SaaS operations.
- Good understanding of GenAI tools and platforms such as ChatGPT Enterprise, Claude Enterprise, OpenAI API, enterprise AI workspaces, and model orchestration concepts.
- Experience with Slack-based support, Zendesk, Jira, Confluence, ServiceNow, or similar intake, workflow, and ticketing platforms.
- Understanding of AI agents, tool calling, prompt behavior, human-in-the-loop workflows, agent lifecycle management, and runtime orchestration concepts.
- Understanding of license management, user provisioning, Okta SCIM, access approvals, enterprise identity workflows, and access governance concepts.
- Ability to convert ambiguous business and AI operations needs into structured requirements, workflows, user stories, acceptance criteria, test cases, and operating procedures.
- Strong process mapping skills for workflows involving users, systems, approvals, exceptions, escalations, and operational support flows.
- Ability to work with technical teams on APIs, integrations, MCP tools, data sources, runtime behavior, and model configuration requirements.
- Experience working in Agile delivery teams with sprint planning, backlog grooming, demos, velocity tracking, and iterative delivery methodologies.
- Ability to write clear process documents, SOPs, runbooks, user guides, support playbooks, and structured operational documentation.
- Strong stakeholder management and communication skills across business users, product owners, engineering, security, governance, platform, and support teams.
- Working knowledge of AI governance concepts including data privacy, access control, retention, redaction, model usage policies, responsible AI, and enterprise governance requirements.
- Comfortable creating structured documentation for agent builds, testing, deployment, operational support, lifecycle management, and release processes.

Requirements

- Gather, analyze, and document business requirements for AI and enterprise operations initiatives.
- Support AI platform operations, automation workflows, and digital transformation programs.
- Collaborate with cross-functional teams including business users, product owners, engineering, security, governance, and support teams.
- Define and document workflows, user stories, acceptance criteria, test cases, SOPs, runbooks, and operational procedures.
- Assist in AI agent lifecycle management, prompt engineering activities, workflow orchestration, testing, deployment, and operational support.
- Support integrations involving APIs, MCP tools, enterprise systems, and AI platforms.
- Ensure adherence to AI governance, data privacy, access control, and enterprise compliance requirements.
- Participate in Agile ceremonies including sprint planning, backlog grooming, demos, and delivery tracking.

Company Description

NationMind LLC is a technology consulting firm focused on software development and QA testing services. We help clients build reliable, scalable applications with a strong emphasis on automation, performance, and quality. Our team works across industries, delivering solutions that drive innovation and operational efficiency.

United States
$40 - $45 / hour
Full Time | Remote | Team 10,001+ | Since 2017 | H1B Sponsor

• Lead requirements gathering, analysis, documentation, and validation for Medicaid pharmacy claims, MMIS processing, eligibility, prior authorization, and related workflows.
• Facilitate discussions with business, vendor, and technical teams to define requirements, resolve issues, and align on scope and priorities.
• Translate business, policy, and regulatory needs into clear requirements, user stories, process flows, business rules, and acceptance criteria.
• Analyze current and future-state processes to identify gaps, risks, dependencies, and improvement opportunities.
• Maintain key project artifacts such as traceability matrices, workflow documentation, interface mappings, and decision logs.
• Partner with testing teams to develop test scenarios, support SIT and UAT, manage defects, and validate business outcomes.
• Support implementation, change requests, issue resolution, and production support activities.
• Mentor junior analysts and promote consistent analysis, documentation, and collaboration practices.

United States
$71.0K - $92.2K / year