Vulnerability & Risk Analyst

Contract Type: Contractor
Location: Vienna - Virginia
Industry: Program & Project Management
Reference Number: CR/507724
Salary: $50.6 - $60.6 Hourly
Contact Name: Tandym Group
Contact Email: Lindsey.Daniels@tandymgroup.com

Date Published: 24-Sep-2025

A Fortune 50 financial services company is seeking a highly motivated Vulnerability & Risk Analyst for our client in the McLean, VA area.

Overview:

  • Seeking a highly skilled Vulnerability & Risk Analyst with 5+ years of experience to support Network Circuit Management operations. The ideal candidate will bring technical expertise in vulnerability assessment, risk management, and security architecture, while also contributing to compliance, reporting, and process improvement efforts. This role requires the ability to work across technical and business teams to identify, assess, and mitigate risks that impact the organization’s infrastructure and services.

Responsibilities:

  • Conduct vulnerability assessments across networks, systems, applications, and cloud platforms using tools such as Nessus and Rapid7.
  • Identify, categorize, and prioritize vulnerabilities; ensure timely remediation through coordination with engineering and operations teams.
  • Apply risk frameworks to analyze threats, assess business impacts, and design practical risk mitigation strategies.
  • Support incident response activities, including investigation, containment, and remediation, by providing actionable vulnerability and risk intelligence.
  • Review network and application architectures for security gaps, recommending controls and design improvements.
  • Integrate threat intelligence feeds and advisories into ongoing vulnerability and risk analysis.
  • Develop, update, and enforce policies, procedures, and templates for vulnerability management and risk assessment.
  • Support internal and external audit and compliance processes (e.g., GDPR, HIPAA, PCI DSS, SOX) by providing documentation and evidence of controls.
  • Create dashboards and reports to communicate vulnerability and risk trends to senior leadership; use data to inform decision-making and resource allocation.
  • Partner with cross-functional teams to support the delivery of projects within scope, budget, and compliance requirements.

Qualifications:

  • 5+ years of experience in vulnerability management, risk analysis, or related security analyst roles.
  • Hands-on experience with vulnerability assessment tools (Nessus, Rapid7, or similar).
  • Strong understanding of risk frameworks and ability to translate technical issues into business impacts.
  • Knowledge of incident response processes and collaboration with SOC/security operations teams.
  • Familiarity with threat intelligence platforms and integration into security programs.
  • Experience supporting audit, compliance, and regulatory requirements (GDPR, HIPAA, PCI DSS, SOX).
  • Strong analytical, communication, and reporting skills, with experience preparing dashboards and metrics for senior stakeholders.
  • Ability to work independently and in collaboration with cross-functional teams to meet deadlines and drive remediation.

Desired:

  • Knowledge of network circuit management operations and related infrastructure.
  • Experience authoring policies, standards, and best practices in vulnerability management.
  • Certifications such as CISSP, CISA, CISM, or CompTIA Security+ are a plus.
