The Vulnerability Analyst supports ClearTrust Cyber's Vulnerability Management services by conducting external vulnerability scans, analyzing results, validating findings, and documenting technical findings and implications in a clear, actionable manner. This role focuses on accuracy, consistency, and professional judgment rather than volume or alert-driven work.
The analyst exercises independent judgment in validating findings, identifying false positives, and assessing the technical context and exposure conditions of vulnerabilities within client environments.
Success in this role is measured by the quality and clarity of vulnerability assessments and technical remediation guidance, as well as the consistent completion of defined deliverables.
This is a remote position with a full-time scope of responsibility, built on professional judgment. Workload is structured around defined deliverables and recurring vulnerability management cycles rather than shift-based or on-call coverage.
• Conduct scheduled external vulnerability scans using approved scanning tools and defined asset scopes.
• Review and validate scan results, including identification and handling of false positives.
• Analyze vulnerabilities to determine technical severity, exploitability conditions, and potential technical impact.
• Prepare clear, actionable vulnerability assessment summaries and technically appropriate remediation options.
• Track and manage assigned vulnerability assessments through defined delivery cycles.
• Collaborate with internal stakeholders to ensure accurate scoping and consistent delivery.
• Participate in internal stakeholder discussions as needed to support assessment accuracy, clarity, and quality.
• Adhere to established procedures, quality standards, and documentation requirements.
• Hands-on experience conducting vulnerability assessments using commercial scanning tools.
• Practical understanding of common vulnerability types, severity scoring, and remediation considerations.
• Experience reviewing scan results and validating findings, including identification of false positives.
• Demonstrated ability to explain technical vulnerability findings clearly and accurately to technical and non-technical stakeholders.
• Demonstrated ability to provide practical, technically appropriate remediation options.
• Experience producing written vulnerability assessment summaries or reports intended for client or stakeholder consumption.
• Familiarity with standard vulnerability management workflows and recurring assessment cycles.
• Demonstrated ability to work effectively in an asynchronous environment, managing deliverables independently and communicating progress clearly.
• Strong attention to detail and ability to exercise professional judgment with minimal day-to-day supervision.