"Alerted.org

Employment Type:

Full time

Shift:

Description:

POSITION PURPOSE

The Vulnerability Management Analyst is responsible for identifying, assessing, and assisting in the remediation of security vulnerabilities across the organization’s infrastructure, applications, and endpoints. This role requires collaboration with cross-functional teams to ensure vulnerabilities are addressed promptly and effectively while enhancing the organization's overall security posture.

ESSENTIAL FUNCTIONS

+ Conduct regular vulnerability scans and assessments using enterprise tools (e.g., CrowdStrike Falcon, Tenable, Qualys, Rapid7, etc.).

+ Analyze scan results to identify vulnerabilities, prioritize risk levels, and produce actionable reports.

+ Collaborate with IT, development, and business teams to validate, remediate, or mitigate identified vulnerabilities.

+ Monitor threat intelligence feeds and map emerging threats to the organization’s attack surface.

+ Maintain and improve processes for vulnerability lifecycle management, including discovery, tracking, reporting, and closure.

+ Provide subject-matter expertise on vulnerability risks, impacts, and remediation strategies to stakeholders.

+ Oversee and guide the documentation of processes and creation of playbooks to ensure consistent and scalable vulnerability management practices.

+ Lead post-remediation validation to verify the effectiveness of implemented fixes.

+ Manage monthly security metrics reporting related to vulnerabilities and remediation efforts.

+ Design, write, and maintain scripts using Python and PowerShell to automate routine cybersecurity tasks such as log analysis, threat indicator enrichment, alert triaging, and system health checks.

+ Serve as a subject matter expert guiding cross-functional teams in aligning vulnerability assessments with business risk tolerance, regulatory requirements, and operational impact in accordance with compliance frameworks.

+ Develop and oversee the implementation of security controls and automation within CI/CD pipelines to enforce DevSecOps best practices across the vulnerability management lifecycle.

+ Oversee and mentor junior analysts’ investigative work to ensure accuracy, thoroughness, and alignment with established processes.

MINIMUM QUALIFICATIONS

+ Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience.

+ Five (5) to seven (7) years of experience in vulnerability management, cybersecurity, or related roles.

+ Industry certifications such as CompTIA Security+, GIAC (GSEC, GCIA, etc.), CISSP, or similar.

+ Experience with compliance frameworks (e.g., HIPAA, PCI-DSS, NIST, etc.).

+ Familiarity with asset management and discovery solutions.

+ Exposure to DevSecOps practices and integration into CI/CD pipelines.

+ Subject Matter Expert with CVSS scoring and risk prioritization frameworks

+ Knowledge of scripting languages (e.g., Python, PowerShell) for automation purposes.

+ Strong understanding of vulnerability assessment tools and methodologies.

+ Familiarity with CVSS scoring and risk prioritization frameworks.

+ Strong analytical skills with the ability to interpret vulnerability data and communicate risk effectively.

+ Experience with patch management processes and tools.

+ Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals, and values of Trinity Health.

PHYSICAL AND MENTAL REQUIREMENTS AND WORKING CONDITIONS

+ This position operates in a typical office environment. The area is well lit, temperature-controlled and free from hazards.

+ Incumbent communicates frequently, in person and over the telephone, with people in a number of different locations on technical issues.

+ Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in person communications.

+ The environment in which the incumbent will work requires the ability to concentrate, meet deadlines, work on several projects at the same period and adapt to interruptions.

+ The incumbent must be capable of traveling in the course of completing project assignments.

+ Must be available for on-call rotations to support 24x7x365 service availability.

+ This role is remote however the team is expected to travel for training at minimum annually. Must be able to travel to the various Trinity Health sites (up to 10%) as needed (may or may not apply).

_The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be constructed as an exhaustive list of duties so assigned._

Our Commitment

Rooted in our Mission and Core Values, we honor the dignity of every person and recognize the unique perspectives, experiences, and talents each colleague brings. By finding common ground and embracing our differences, we grow stronger together and deliver more compassionate, person-centered care. We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other status protected by federal, state, or local law.

Our Commitment to Diversity and Inclusion

Trinity Health is a family of 115,000 colleagues and nearly 26,000 physicians and clinicians across 25 states. Because we serve diverse populations, our colleagues are trained to recognize the cultural beliefs, values, traditions, language preferences, and health practices of the communities that we serve and to apply that knowledge to produce positive health outcomes. We also recognize that each of us has a different way of thinking and perceiving our world and that these differences often lead to innovative solutions.

Our dedication to diversity includes a unified workforce (through training and education, recruitment, retention, and development), commitment and accountability, communication, community partnerships, and supplier diversity.

EOE including disability/veteran