Senior Vulnerability Management Analyst

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

We're excited for a Senior Vulnerability Management Analyst to join our high-energy team - to help shape the future of Vanguard's attack surface management. If you have a strong background in vulnerability management or pen-testing, as well as experience with cloud security - and you're ready to challenge yourself and to grow - this role is for you!

You'll be responsible for identifying, prioritizing, and managing vulnerabilities across Vanguard's hybrid infrastructure. The role requires excellent analytical & communication skills, combined with technical and security expertise. This is a great opportunity to join a growing team - working in a fast-paced cross-functional environment to protect Vanguard and its clients from cyber security threats.

• Leverage exposure assessment platforms to monitor Vanguard assets for vulnerabilities and security configuration weaknesses as part of CTEM implementation.
• Partner with the SOC, Cyber Threat Intel, Offensive Security Team, and other stakeholders to refine prioritization, to validate impact of suspected vulnerabilities, to advise owners on mitigation strategies or compensating controls, and to provide accurate & timely reporting that informs remediation progress.
• Investigate false-positives and requests for risk-acceptance or risk-rating adjustment.
• Shape remediation SLAs, build-breaking policies, and other enforcement controls & guardrails.
• In zero-day events, quickly iterate through VM lifecycle - creatively handle time-sensitive escalations, develop custom reports, and perform special investigations.
• Coordinate with Engineering platform team to tune scanning tools to improve visibility and to meet additional security objectives.
• Focus on continuous process improvement and identify opportunities for automation, fusion of disparate sources of security findings, and consistency of remediation owner experience.

• Minimum of 5 years related work experience required, including experience managing vulnerabilities at scale and understanding of security frameworks
• Undergraduate degree in a related field or the equivalent combination of training and experience
• Exceptional problem-solving ability
• Proven communication skills, with the ability to influence stakeholders across various seniority levels.
• Ability to independently lead multi-team initiatives.

• Experience leading structured process improvement.
• Demonstrated passion for continuous learning.
• Experience with scripting and automation.
• Experience with Aqua, Palo Alto Prisma, Wiz, CrowdStrike, Tenable Nessus, or Qualys preferred.
• Experience with aggregators such as Brinqa, Kenna, Vulcan, Dazz, or Avalor
• Experience with risk controls and interacting with internal/external audit preferred.