Navy Federal Credit Union
Vulnerability Management Analyst
Navy Federal Credit Union, San Diego, California, United States, 92189
Overview
We are seeking a highly motivated and detail-oriented individual to join our Vulnerability Management team. As a Vulnerability Management Analyst, you will play a crucial role in providing coordination and support of remediation activities for identified vulnerabilities and defects within the Navy Federal Credit Union environment.
You will work closely with cross‑functional teams to ensure that vulnerabilities are effectively prioritized, remediated, and monitored to protect the organization's assets and sensitive data. As a part of this role, the candidate will be required to clearly and effectively communicate the business impact and urgency of security defects.
Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship.
Responsibilities
Vulnerability Identification & Assessment: Collaborate with the Information Security team on the identification and validation of vulnerabilities across security scanning tools and automated workflows with ticketing systems.
Vulnerability Analysis & Prioritization: Perform comprehensive analysis of discovered vulnerabilities and provide risk‑based assessments to determine severity and potential impact on business operations. Lead coordination efforts with system owners and stakeholders to ensure appropriate prioritization based on criticality and business impact.
Remediation Activities: Work with internal teams to coordinate the remediation and patch management processes, ensuring that vulnerabilities are remediated in a timely and efficient manner. Develop and track vulnerability remediation plans, providing regular status updates and ensuring completion. Communicate escalated timelines for critical and high impact vulnerabilities through to
Risk Reporting & Documentation: Prepare detailed reports and presentations to various stakeholders, highlighting the status of vulnerabilities, trends, and risks. Maintain up‑to‑date vulnerability management documentation, including vulnerability inventories, patch status, and remediation timelines.
Security Tools & Technologies: Leverage security tools and platforms to monitor and manage vulnerabilities. Maintain current knowledge of best practices and the threat landscape.
Collaboration & Training: Work closely with IT, development, and operations teams to integrate vulnerability management practices into the software development lifecycle (SDLC) and system administration processes. Provide guidance and training to staff on best practices for vulnerability identification, patching, and mitigation.
Compliance & Standards Adherence: Ensure that vulnerability management practices align with industry best practices, regulatory requirements and internal security policies. Assist with internal audits and compliance assessments as required.
Prepare reports and presentations communicating risks and status to various stakeholders, including IT and business leaders.
Assist with the strategic initiatives for the Vulnerability Management team.
Review and optimize team processes and procedures for managing vulnerabilities and remediation efforts.
Qualifications
Bachelor's Degree or equivalent experience in cybersecurity, with a focus on vulnerability management and risk assessment.
Minimum of 3-5 years experience in vulnerability analysis or risk analysis.
Demonstrated experience reviewing and analyzing vulnerabilities, assessing the level of risk and ability to provide reasonable recommendations for remediation.
Demonstrated experience with security risk management frameworks and hardening guidelines (e.g., NIST 800-53, CSF, CIS Benchmarks).
Experience with vulnerability management platforms such as Rapid7 Nexpose, Qualys, Tenable Nessus, or Wiz.
Experience with managing vulnerabilities within ITSM platforms (Remedy, ServiceNow, etc.).
Ability to conduct root cause analysis for identified vulnerabilities and determine reasonable solutions.
Experience with patch management processes and remediation strategies.
Strong analytical, and problem‑solving skills.
Familiarity with Operating Systems and network protocols.
Strong understanding of technical concepts, security controls, and best practices related to areas such as networking, system administration, application development, and information security.
Excellent written, verbal communication, and presentation skills with the ability to effectively communicate technical concepts, findings, conclusions, and other information to a variety of audiences.
Strong organizational and project management skills with the ability to prioritize and execute.
Excellent interpersonal skills with the ability to manage stakeholder relationships.
Passionate about cyber security, a desire to protect and help people; positive attitude and enjoys constantly learning.
Hours:
Monday - Friday, 8:00AM - 4:30PM
Locations:
820 Follin Lane, Vienna VA 22180 | 5510 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131
Equal Employment Opportunity:
All qualified applicants will receive consideration for employment without regard to age, race, sex, color, religion, national origin, disability, veteran status, pregnancy, sexual orientation, genetic information, gender identity or any other basis protected by applicable law. #J-18808-Ljbffr
You will work closely with cross‑functional teams to ensure that vulnerabilities are effectively prioritized, remediated, and monitored to protect the organization's assets and sensitive data. As a part of this role, the candidate will be required to clearly and effectively communicate the business impact and urgency of security defects.
Navy Federal Credit Union currently does not provide sponsorship for this role. Applicants must be authorized to work in the United States without the need for current or future sponsorship.
Responsibilities
Vulnerability Identification & Assessment: Collaborate with the Information Security team on the identification and validation of vulnerabilities across security scanning tools and automated workflows with ticketing systems.
Vulnerability Analysis & Prioritization: Perform comprehensive analysis of discovered vulnerabilities and provide risk‑based assessments to determine severity and potential impact on business operations. Lead coordination efforts with system owners and stakeholders to ensure appropriate prioritization based on criticality and business impact.
Remediation Activities: Work with internal teams to coordinate the remediation and patch management processes, ensuring that vulnerabilities are remediated in a timely and efficient manner. Develop and track vulnerability remediation plans, providing regular status updates and ensuring completion. Communicate escalated timelines for critical and high impact vulnerabilities through to
Risk Reporting & Documentation: Prepare detailed reports and presentations to various stakeholders, highlighting the status of vulnerabilities, trends, and risks. Maintain up‑to‑date vulnerability management documentation, including vulnerability inventories, patch status, and remediation timelines.
Security Tools & Technologies: Leverage security tools and platforms to monitor and manage vulnerabilities. Maintain current knowledge of best practices and the threat landscape.
Collaboration & Training: Work closely with IT, development, and operations teams to integrate vulnerability management practices into the software development lifecycle (SDLC) and system administration processes. Provide guidance and training to staff on best practices for vulnerability identification, patching, and mitigation.
Compliance & Standards Adherence: Ensure that vulnerability management practices align with industry best practices, regulatory requirements and internal security policies. Assist with internal audits and compliance assessments as required.
Prepare reports and presentations communicating risks and status to various stakeholders, including IT and business leaders.
Assist with the strategic initiatives for the Vulnerability Management team.
Review and optimize team processes and procedures for managing vulnerabilities and remediation efforts.
Qualifications
Bachelor's Degree or equivalent experience in cybersecurity, with a focus on vulnerability management and risk assessment.
Minimum of 3-5 years experience in vulnerability analysis or risk analysis.
Demonstrated experience reviewing and analyzing vulnerabilities, assessing the level of risk and ability to provide reasonable recommendations for remediation.
Demonstrated experience with security risk management frameworks and hardening guidelines (e.g., NIST 800-53, CSF, CIS Benchmarks).
Experience with vulnerability management platforms such as Rapid7 Nexpose, Qualys, Tenable Nessus, or Wiz.
Experience with managing vulnerabilities within ITSM platforms (Remedy, ServiceNow, etc.).
Ability to conduct root cause analysis for identified vulnerabilities and determine reasonable solutions.
Experience with patch management processes and remediation strategies.
Strong analytical, and problem‑solving skills.
Familiarity with Operating Systems and network protocols.
Strong understanding of technical concepts, security controls, and best practices related to areas such as networking, system administration, application development, and information security.
Excellent written, verbal communication, and presentation skills with the ability to effectively communicate technical concepts, findings, conclusions, and other information to a variety of audiences.
Strong organizational and project management skills with the ability to prioritize and execute.
Excellent interpersonal skills with the ability to manage stakeholder relationships.
Passionate about cyber security, a desire to protect and help people; positive attitude and enjoys constantly learning.
Hours:
Monday - Friday, 8:00AM - 4:30PM
Locations:
820 Follin Lane, Vienna VA 22180 | 5510 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131
Equal Employment Opportunity:
All qualified applicants will receive consideration for employment without regard to age, race, sex, color, religion, national origin, disability, veteran status, pregnancy, sexual orientation, genetic information, gender identity or any other basis protected by applicable law. #J-18808-Ljbffr