M9 Solutions logo
M9 Solutions

DELIVERING THE DIGITAL FUTURE™

Risk and Vulnerability Analyst

Security AnalystSecurity AnalystFull TimeRemoteSeniorTeam 51-200Since 2007H1B No SponsorCompany SiteLinkedIn

Location

District Of Columbia + 1 moreAll locations: District Of Columbia | Washington

Posted

7 days ago

Salary

$60K - $180K / year

Seniority

Senior

Bachelor Degree3 yrs expEnglishCloud

Job Description

Risk and Vulnerability Analyst

M9 Solutions

• Work remotely in support of a government contract for a client located in Washington, DC. • Provide risk and vulnerability analysis. • Conduct security assessments and scanning. • Collaborate with teams to address vulnerabilities and improve security measures.

Job Requirements

  • Active Secret security clearance.
  • Bachelor’s Degree.
  • Three (3) to five (5) years of security-related experience.
  • Experience with industry-accepted scanning tools, ad hoc, and automated scanning for Operating Systems, Databases, and Web Applications.
  • Experience with Cloud Compliance scans, on-site scanning, and skilled at troubleshooting scanning-related issues.
  • Must be highly organized and customer-service focused.
  • Ability to automate scanning.
  • Experience with Information Security Vulnerability Management (ISVM) scans and compliance.
  • Experience with API Discovery and scanning.

Benefits

  • M9 Benefits - https://m9solutions.com/why-join-m9/#our-benefits

Related Job Pages

More Security Analyst Jobs

Garner Health logo

Senior GRC Analyst

Garner Health

A better way to get your employees to high-quality doctors.

Full TimeRemoteTeam 51-200Since 2019H1B No Sponsor

Garner’s mission is to transform the healthcare economy, delivering high-quality and affordable care for all. We are fundamentally reimagining how healthcare works in the U.S. by partnering with employers to redesign healthcare benefits using clear incentives and powerful, data-driven insights. Our approach guides employees to higher-quality, lower-cost care, creating a system that works better for everyone. Patients achieve better health outcomes, employers spend healthcare dollars more effectively, and physicians are rewarded for delivering exceptional care rather than performing more procedures. Garner is one of the fastest-growing healthcare technology companies in the country. Our products are trusted by the most sophisticated employers and providers in the industry, and we are building a team of talented, mission-driven individuals who are motivated to make a meaningful impact on healthcare at scale. About the role:We are looking for a Senior GRC Analyst to join our Technical Compliance team to ensure Garner’s compliance posture across security frameworks such as ISO 27001, SOC 2, HITRUST, and HIPAA. As a Senior GRC Analyst, you will run our internal audits, guide our external assessments, and partner with teams across Engineering, Product, People, and Legal so that our controls are designed well, operating effectively, and continuously improving. Our Technical Compliance team safeguards Garner’s sensitive healthcare data and protects the trust of our members, clients, and partners by maintaining a strong control environment and regulatory compliance. The work you do here has a direct impact on our ability to win and retain enterprise customers, expand into new lines of business, and scale securely as we grow. Where you will work:This role is open to remote candidates across the U.S. For candidates based in New York City, the position follows a hybrid schedule with in-office work required Tuesday, Wednesday, and Thursday each week. What you will do: - Manage and support our compliance certifications, including SOC 2, HITRUST, and ISO 27001 audits and run control testing across the audit lifecycle - Serve as the subject matter expert across the company on our compliance frameworks - Serve as the primary point of contact for external auditors and assessors - Manage Garner’s Security and Privacy trust center - Maintain the risk register and drive risk identification, scoring, and reporting - Manage the maintenance of our compliance policies, standards, and procedures - Report on our compliance posture to senior leadership - Scale our GRC function with AI and automation, building quick wins and scoping requirements for Engineering to fully automate the rest The ideal candidate has: - 5+ years of experience in GRC, IT audit, or information security compliance - Prior experience with HITRUST, SOC 2, and ISO 27001 audits - Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment - Proven ability to adapt your communication style across engineers, operators, and executives - A GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks - Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor preferred - A desire to be a part of a high-performing, mission-driven team that operates with intense urgency, a strong sense of individual accountability, and a commitment to authentic feedback Technologies we use: - AWS, Okta, Datadog, Retool, Gitlab, Vanta This is a unique opportunity to join a fast-growing company in a transformative role, helping shape the future of healthcare. Compensation Transparency:The target salary range for this position is $132,000 - $165,000. Individual compensation for this role will depend on various factors, including qualifications, skills, and applicable laws. In addition to base compensation, this role is eligible to participate in our equity incentive and competitive benefits plans, including but not limited to: flexible PTO, Medical/Dental/Vision plan options, 401(k), Teladoc Health and more. Fraud and Security Notice: Please be aware of recent job scam attempts. Our recruiters use getgarner.com and garnerhealth.com email domains exclusively. If you have been contacted by someone claiming to be a Garner recruiter or a hiring manager from a different domain about a potential job, please report it to law enforcement here and to candidateprotection@garnerhealth.com. Equal Employment Opportunity:Garner Health is proud to be an Equal Employment Opportunity employer and values diversity in the workplace. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Garner Health is committed to providing accommodations for qualified individuals with disabilities in our recruiting process. If you need assistance or an accommodation due to a disability, you may contact us at talent@garnerhealth.com.

United States
$132K - $165K / year
blueAPACHE logo

Security Analyst

blueAPACHE

blueAPACHE is based on the idea that people should have secure and efficient access to their systems wherever they are.

Full TimeRemoteTeam 201-500Since 1998H1B No Sponsor

• Monitor security alerts and triage incidents across SIEM and endpoint tools. • Investigate suspicious activity and escalate confirmed threats to senior analysts. • Document incidents, findings, and response actions in ticketing systems. • Perform initial log analysis to identify indicators of compromise and attack patterns. • Support continuous improvement of detection rules, playbooks, and SOC processes.

Sri Lanka
Quadcode SaaS logo

Senior Security Analyst – L2/L3

Quadcode SaaS

At Quadcode we build brokerage platforms. Go live in six weeks with an award-winning turnkey solution.

Full TimeRemoteTeam 501-1,000H1B No Sponsor

• Work closely with infrastructure teams (Admins, NOC, OPS, Compliance), translating security signals into actionable findings and coordinating response across operating systems, infrastructure, and cloud environments. • Responsible for security event monitoring, incident response, and continuous improvement of detection and IR processes. • Participate in Agile (2-week sprints, grooming, planning, retrospectives) and use collaborative tools for teamwork. • Handle working hours during business hours, with paid overtime in case of incidents. • Work with a modern stack and grow within the company — including cloud and hybrid infrastructure, and AI applied to real security work. • Conduct event correlation rules development and automation.

Georgia

Cybersecurity Analyst

UnitedHealth Group

UnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of

Title: Cybersecurity Analyst - Hybrid in MN Job Description: Requisition number: 2357994 Job category: Technology Primary location: Eden Prairie, MN Overtime status: Exempt travel" style="font-size:1rem !important">Travel: No Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best.Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale.Join us to start Caring. Connecting. Growing together. The Insider Risk Analyst is responsible for detecting, analyzing, and investigating potential insider‑driven risks to UnitedHealth Group's people, data, and systems. This role supports the Insider Risk Program by monitoring user activity, identifying anomalous or concerning behavior, conducting investigations, and partnering with cross‑functional stakeholders to mitigate risk while ensuring privacy, legal, and policy compliance. The analyst will leverage technical data sources, behavioral indicators, and investigative techniques to assess risk, support casework, and contribute to the continuous improvement of insider risk detection and response capabilities. If you reside in Minnesota, you'll enjoy the flexibility of a hybrid-remote position* as you take on some tough challenges. This position follows a hybrid schedule with four in-office days per week. Primary Responsibilities Insider Risk Detection & Analysis - Monitor and analyze user activity, system logs, and alerts to identify potential insider risk indicators, including data exfiltration, misuse of access, policy violations, or negligent behavior. - Perform analytical triage of insider risk alerts generated from enterprise security tools (e.g., SIEM, DLP, endpoint, identity, and email systems). - Establish baseline user behavior and identify deviations that may indicate insider risk activity. Investigations & Case Management - Conduct insider risk investigations by collecting, correlating, and analyzing data from multiple technical and non‑technical sources. - Document investigative findings, timelines, and conclusions in accordance with Insider Risk Program procedures and records‑retention requirements. - Prepare clear, concise investigative summaries and risk assessments for leadership and stakeholders. Technical & Forensic Support - Analyze logs, email activity, file access, web activity, and authentication events to support investigations. - Assist with digital forensic data collection and analysis in support of insider risk cases, as appropriate. - Develop, maintain, and refine queries, dashboards, and analytical workflows to improve detection efficiency and investigative quality. Cross‑Functional Collaboration - Partner with HR, Legal, Compliance, Employee Relations, Privacy, and Information Security teams during insider risk reviews and investigations. - Support escalation and coordination with Enterprise Information Security for incidents requiring broader security response. - Participate in insider risk working groups and contribute to program governance activities. Program & Process Improvement - Contribute to the development and enhancement of insider risk policies, procedures, and standard operating processes. - Assist in defining insider risk indicators, metrics, and reporting to support program maturity. - Support audits, assessments, and program evaluations related to insider risk management. You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in. Required Qualifications: - Bachelor's degree in Cybersecurity, Information Security, Computer Science, Criminal Justice, or a related field - 3+ years of experience in cybersecurity - 3+ years of experience in security analysis, investigations, insider risk, threat analysis, or digital forensics - 2+ years of experience with working knowledge of security logs, user activity monitoring, and investigative techniques - 2+ years of experience of documenting findings clearly and communicate effectively with both technical and non‑technical audiences Preferred Qualifications: - Experience supporting an insider risk, fraud, compliance, or digital forensics program - Hands‑on experience with SIEM platforms (e.g., Splunk, Sentinel), DLP tools, endpoint security, or identity monitoring - Familiarity with insider risk frameworks and best practices (e.g., CERT Insider Threat, NIST CSF) - Experience collaborating with HR, Legal, Privacy, or Employee Relations teams - Knowledge of privacy, data protection, and employee monitoring considerations in a regulated environment Soft Skills: - Strong analytical and critical‑thinking skills with the ability to assess risk objectively - Demonstrated ability to handle sensitive information with discretion and professionalism Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $72,800 - $130,000 annually based on full-time employment. We comply with all minimum wage laws as applicable. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location, and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups, and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment. #RPO #YELLOW

Minnesota
$72.8K - $130K / year