Sr Vulnerability Management Analyst

We're excited for a Senior Vulnerability Management Analyst to join our high-energy team - to help shape the future of Vanguard's attack surface management and VulnOps. This role sits at the intersection of security risk, automation, and emerging AI - driven capabilities. If you're a cybersecurity professional who thrives on critical thinking, challenging yourself, and shaping how humans and machines work together to reduce risk - this role is for you!

You'll be responsible for identifying, prioritizing, and managing vulnerabilities across Vanguard's hybrid infrastructure - ensuring adherence to security hardening standards and integration with AI-assisted remediation tooling. The role requires strong analytical & communication skills, combined with technical and security expertise. This is a great opportunity to join a growing team - working in a fast-paced cross-functional environment to protect Vanguard and its clients from cyber security threats

• Leverage exposure assessment platforms to monitor Vanguard assets for vulnerabilities and security configuration weaknesses as part of CTEM implementation
• Automate various aspects of VulnOps to help defend against AI-driven threats
• Partner with the SOC, Cyber Threat Intel, Offensive Security Team, and other stakeholders to refine prioritization, to validate impact of suspected vulnerabilities, to advise owners on mitigation strategies or compensating controls, and to provide accurate & timely reporting that informs remediation progress
• Investigate false-positives and requests for risk-acceptance or risk-rating adjustment
• Shape enforcement controls & guardrails
• In zero-day events, quickly iterate through VM lifecycle - creatively handle time-sensitive escalations, develop custom reports, and perform special investigations
• Coordinate with Engineering platform team to tune scanning tools to improve visibility and to meet additional security objectives
• Focus on continuous process improvement and identify opportunities for automation, fusion of disparate sources of security findings, and consistency of remediation owner experience.

• Minimum of 5 years related work experience required, with 2 years of experience managing vulnerabilities at scale and understanding of security frameworks
• Strong knowledge of CVSS
• Expertise in at least 1 major cloud service provider
• Prior experience automating processes
• Undergraduate degree in a related field or the equivalent combination of training & experience
• Exceptional problem-solving ability
• Solid communication skills, with the ability to influence stakeholders across various seniority levels
• Ability to own and lead cross-functional initiatives - including planning, execution, & outcome tracking

• Demonstrated passion for continuous learning
• Experience with scripting and automation
• Experience with Aqua, Palo Alto Prisma, Wiz, CrowdStrike, Tenable Nessus, or Qualys
• Experience with Claude Code/Codex or Threat Modeling
• Experience with risk controls and interacting with internal/external audit