What are the responsibilities and job description for the IT Security Analyst - Vulnerability Management Specialist position at WebstaurantStore?
Location: Remote
Type: Full-Time
Department: Information Security
About Us
As the largest online distributor of restaurant supplies and equipment, WebstaurantStore, a Clark Associates company, hosts an expansive catalogue with over 430,000 products that are delivered through fast, dependable shipping, making us the internet's largest restaurant supplier. Our CAST (Clark Associates Security Team) is committed to maintaining the highest standards of security and integrity in all our applications and systems.
Role Overview
We are seeking a skilled and proactive Vulnerability Management Specialist to join our cybersecurity team. In this role, you will be responsible for identifying, assessing, and mitigating vulnerabilities across our systems, networks, and applications. You will work closely with IT, security, and development teams to enhance our vulnerability management program, ensuring the organization maintains a strong security posture while aligning with industry best practices and compliance standards.
Key Responsibilities
Vulnerability Identification and Risk Assessment
- Conduct regular vulnerability scans using tools such as Nessus, Qualys, or Rapid7 to identify security weaknesses.
- Analyze scan results to assess the risk and impact of discovered vulnerabilities, prioritizing remediation efforts based on exploitability and business impact.
Remediation Coordination
- Collaborate with IT and development teams to implement mitigation strategies and track remediation progress.
- Provide clear recommendations for remediation and ensure timely resolution of identified vulnerabilities.
Policy Enforcement and Compliance
- Assist in developing and enforcing vulnerability management policies, ensuring alignment with industry standards (e.g., PCI, CIS Controls, ISO 27001).
- Define scanning frequencies and establish service-level agreements (SLAs) for remediation timelines.
Monitoring and Reporting
- Generate detailed vulnerability assessment reports for stakeholders, highlighting risks and remediation progress.
- Monitor trends in vulnerabilities and emerging threats, providing insights for improving security controls.
Tool Management and Automation
- Configure, maintain, and optimize vulnerability management tools to ensure efficient and effective scanning.
- Automate scanning processes and integrate vulnerability management into the broader security ecosystem.
Continuous Improvement and Threat Awareness
- Stay up to date on the latest security vulnerabilities, exploits, and mitigation techniques.
- Recommend and implement improvements to enhance the organization’s vulnerability management program.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- 2 years of experience in vulnerability management, security assessments, or related roles.
- Proficiency in vulnerability scanning tools such as Nessus, Qualys, Rapid7, or OpenVAS.
- Familiarity with security frameworks and compliance standards (e.g., NIST, CIS, ISO 27001, PCI-DSS, HIPAA).
- Experience with scripting (e.g., Python, PowerShell, Bash) for automation is a plus.
- Relevant certifications (e.g., CompTIA Security+, GIAC Certified Vulnerability Assessor (GCVA), CISSP) are preferred.
Skills and Competencies
- Effective Communication: Ability to articulate technical findings to both technical and non-technical stakeholders.
- Technical Expertise: Strong understanding of vulnerability scanning, risk assessment, and remediation processes.
- Industry Knowledge: Awareness of security best practices, regulatory requirements, and emerging threats.
- Time and Priority Management: Capable of managing multiple assessments and remediation efforts effectively.
- Leadership and Collaboration: Ability to work cross-functionally and provide guidance on vulnerability management best practices.
Remote work qualifications
- Access to a reliable and secure high-speed internet connection. Cable or fiber internet connections (at least 75 Mbps download/10 Mbps upload) are preferred, as satellite connections often cannot support the technologies used to perform day-to-day tasks.
- Access to a home router and modem.
- A dedicated home office space that is noise- and distraction-free. The space should have a strong wireless connection or a wired Ethernet connection (wired connection is preferred, if possible).
- A valid, physical address (apartment, suite, etc.). PO Boxes are not supported, as a physical address is required for you to receive your computer equipment.
- The desire and ability to work and communicate with other team members via chat, webcam, etc.
- Legal residents of one of the following states: (AK, AL, AR, AZ, CT, DE, FL, GA, IA, ID, IN, KS, KY, LA, MD, ME, MI, MN, MO, MS, NC, ND, NH, NM, NV, OH, OK, PA, SC, SD, TN, TX, UT, VA, VT, WI, WV, and WY). H-1B Visa Sponsorship Not Available, W2 only.