Vulnerability Assessment Analyst

W2 only, no C2C, must be authorized to work in the US (both now and in the future).

Carex is partnering with a Insurance industry partner to identify a skilled Vulnerability Management Specialist. This role focuses on driving the timely identification, assessment, and remediation of system vulnerabilities while continuously improving the organization’s vulnerability management program. The ideal candidate will collaborate with cross-functional teams to address vulnerabilities effectively, enhance security processes, and maintain dashboards for actionable insights.

What You’ll Do

• Influence and collaborate with system owners, application owners, and operations support teams to understand the impact of vulnerabilities and implement mitigation strategies effectively.
• Communicate the business and technical implications of identified vulnerabilities to stakeholders and provide guidance on risk-based prioritization and remediation actions.
• Act as a liaison between security teams and functional teams to drive urgency and alignment in addressing vulnerabilities.
• Assess vulnerability reports for accuracy, prioritize remediation efforts, and eliminate false positives by leveraging data validation and analysis.
• Identify patterns or systemic issues in vulnerability reporting and work with teams to resolve gaps in reporting processes, tools, and automation frameworks.
• Collaborate with developers to address vulnerabilities in code by promoting secure coding practices, integrating automated analysis tools, and mentoring on secure development methodologies.
• Conduct web application security assessments to identify vulnerabilities such as XSS, SQL injection, and authentication/authorization flaws, and recommend mitigation strategies.
• Analyze third-party penetration testing results, identify remediation options, and prioritize based on business criticality and risk.
• Maintain and update dashboards to visualize vulnerability management data, track trends, and provide actionable insights to guide decision-making and security priorities.
  
  
  

What You’ll Bring:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field; or Associate’s degree with relevant experience; or High school equivalency with substantial professional experience.
• Minimum 2 years of vulnerability remediation experience with a bachelor’s degree, 5 years with an associate’s degree, or 8 years with high school equivalency.
• Proficiency with tools like Qualys, Nessus, Metasploit, AppScan, WebInspect, or Burp Suite.
• Hands-on experience with network vulnerability scanning and reporting toolsets.
• Strong understanding of vulnerability management frameworks, cybersecurity standards (e.g., NIST, ISO 27001), and risk-based prioritization.
• Expertise in vulnerability assessment, data analysis, and secure coding practices.
• Familiarity with web application security principles, including OWASP Top 10, and incident response processes.
• Ability to work cross-functionally, communicate technical information clearly, and influence stakeholders to drive resolution.
• Advanced troubleshooting, analytical, and project management skills.
  
  
  

Preferred Experience:

• Knowledge of healthcare-specific compliance requirements such as HIPAA and HITECH.
• Experience with data visualization tools like Power BI or Tableau
  
  
  

Carex Consulting Group is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or Veteran status.