Sr. Threat & Vulnerability Management Analyst

Job Summary
The Sr. Threat and Vulnerability Management Analyst will be reporting directly to Security Operations Manager and will be responsible for managing system and asset exposures that could lead to cybersecurity incidents.

This role is a critical component of the organization's operative cybersecurity practice and will provide targeted information and analysis necessary to mitigate risk.

The Sr. Threat and Vulnerability Management Analyst will be responsible and actively involved in incident response and threat hunting activities. The ideal candidate will have a thorough and advanced understanding of information security, cyber threats, cyber threat actors as well as efficient monitoring and detection practices.

The Sr. Threat and Vulnerability Management Analyst will also work to aide in the building and continuous advancement of the team and practices needed to ensure success.

This position reports to the Security Operations Manager. This position is a remote position with Home Office setup as determined by SHI management.

About Us
Since 1989, SHI International Corp. has helped organizations change the world through technology. We've grown every year since, and today we're proud to be a $14 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI's concierge approach to help them solve what's next.

But the heartbeat of SHI is our employees - all 6,000 of them.

If you join our team, you'll enjoy:

Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.

Continuous professional growth and leadership opportunities.

Health, wellness, and financial benefits to offer peace of mind to you and your family.

World-class facilities and the technology you need to thrive - in our offices or yours.

Responsibilities
Include but not limited to:

Assist in the development and implementation of a comprehensive vulnerability management program aligned with industry best practices.

Conduct regular vulnerability scans (including internal, external, and web application scans).

Analyze vulnerability scan results to identify valid vulnerabilities, prioritize them based on severity, exploitability, and potential business impact.

Oversee the vulnerability remediation process, including patch management, configuration management, and working with internal teams (development, IT operations) to ensure timely remediation of identified vulnerabilities.

Collaborate with the SOC team to integrate vulnerability management findings into the overall security posture of the organization. This may involve sharing threat intelligence or assisting in incident response activities where vulnerabilities are exploited.

Stay up-to-date on the latest vulnerability trends, threats, and mitigation strategies. This could involve attending security conferences, participating in online communities, and subscribing to relevant security alerts or new letters.

Develop and maintain strong relationships with security vendors and partners to stay informed about new tool offerings and threat intelligence.

Provide regular reports to leadership on the status of the vulnerability management program, including key metrics like number of vulnerabilities identified, remediation rates, and overall program effectiveness.

Continuously improve the vulnerability management program by identifying and implementing new tools, processes, and automation opportunities.

Participate in vulnerability assessments and penetration testing activities.

Document vulnerability management processes and procedures.

Train and mentor security team members on vulnerability management best practices.

Qualifications

5+ years of relevant industry experience specifically in IT Engineering, Security Operations, Cloud Security, and enterprise vulnerability remediation

3+ years of experience within a threat and vulnerability role

Bachelor's degree in computer science, information systems, information security, related field or relevant work experience required

Minimum of 5+ years of experience in vulnerability management or a related security discipline.

Working knowledge of security frameworks and best practices (e.g., NIST Cybersecurity Framework, OWASP Top 10).

Experience with scripting languages (e.g., Python, Bash) to automate vulnerability management tasks a plus.

Familiarity with Security Operations Center (SOC) operations a plus.

Strong understanding of vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS), penetration testing methodologies, and patch management processes.

Required Skills

Ability to use vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS), penetration testing methodologies, and patch management processes.

Excellent analytical and problem-solving skills.

Strong communication and collaboration skills, with the ability to influence and work effectively with cross-functional teams.

Ability to work independently and manage multiple priorities in a fast-paced environment.

Ability to work in a security-conscious environment.

Certifications Required

NICCS (CISA):

CVA

GIAC:

GEVA, GCTI, GCFA, GNFA, GMON, GCED, GREM, GSNA, GCIH, GSEC

ISACA:

CSX-P

ISC2:

CISSP, CAP

Additional Information

The estimated annual pay range for this position is $80,000 - $130,000 which includes a base salary. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.

Equal Employment Opportunity - M/F/Disability/Protected Veteran Status
•