Vulnerability Management Analyst

Newrez LLC•Coppell, TX

About The Position

The Vulnerability Management (VM) Analyst is a hands-on practitioner responsible for discovering, analyzing, prioritizing, and tracking remediation of vulnerabilities across endpoints, servers, cloud platforms, containers, and applications. The analyst operates the VM toolset, improves scan coverage and data quality, partners with system and application owners to drive remediation within policy SLAs, and produces clear, actionable reporting for both technical teams and leadership. The role supports zero-day events, audit requests, and continuous program maturation as part of the enterprise VM program governed by our Patch & Vulnerability Management Standard.

Requirements

Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience.
2-4 years in Information Security or Systems Engineering, including 2+ years directly operating a vulnerability management program or toolset in a multi-platform environment.
Exposure to Windows/Linux patching, cloud platforms (Azure/AWS), container registries, and network devices; understanding of change management and maintenance windows.
Familiarity with NIST CSF/ISO 27001; experience supporting audits and customer security requests preferred.
Technical depth in vulnerability scanning, agent management, and authenticated scans across Windows/Linux, cloud workloads, and containers.
Ability to apply risk analysis frameworks and understand exploitability and business impact.
Scripting experience (PowerShell and/or Python) and comfort with Excel/Power BI or SQL for reporting.
Familiarity with ITSM/CMDB integrations.
Strong communication skills for translating technical findings into actionable tickets and summaries.
Process discipline for maintaining documentation and audit evidence.
All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

Nice To Haves

Security+, CySA+, GSEC, AZ-500, Qualys VMDR Specialist, or similar.

Responsibilities

Scanning Operations & Coverage
Execute authenticated and agent-based scans using Qualys (VMDR, WAS/TotalAppSec) for on-premises, cloud assets, containers, and web applications.
Manage Suridata for SaaS security posture and asset discovery.
Assist with Veracode application security scanning and reporting.
Maintain scan schedules, credentials, and agent health; expand coverage to new assets and services.
Coordinate with platform owners to enable safe scanning and validate rescans.
Triage, Analysis & Prioritization
Review and triage scan results, reducing false positives and noise.
Apply risk-based frameworks (CVSS v3.1, CISA KEV, EPSS, asset criticality) to prioritize remediation.
Provide clear remediation guidance and document knowledgebase notes.
Remediation Coordination & Tracking
Create and route remediation tickets via ITSM platforms (e.g., ServiceNow, Jira).
Track SLA attainment and escalate issues as needed.
Partner with infrastructure, desktop, cloud, and application teams to resolve blockers.
Validate fixes through rescans and close tickets with evidence.
Data Quality, Integrations & Automation
Improve asset-to-owner mapping and tag critical systems.
Support automation for ticket creation, routing, and exception reviews.
Maintain operational runbooks and playbooks.
Reporting, Metrics & Audit Support
Build and publish dashboards on coverage, SLA performance, exception inventory, and risk reduction.
Provide evidence for internal/external audits and customer security reviews.
Exceptions & Risk Acceptance
Process exception requests per policy, ensuring compensating controls and tracking expiry/review dates.
Monitor and drive timely renewal or closure of exceptions.
Zero-Day / Major Event Response
Assist with rapid assessment, scoping, communication, and mitigation during critical events.
Participate in after-hours rotations as needed.
Performs related duties as assigned by management.

Benefits

Medical, dental, and vision insurance
Health Savings Account with employer contribution
401(k) Retirement plan with employer match
Paid Maternity Leave/Parental Bonding Leave
Pet insurance
Adoption Assistance
Tuition reimbursement
Employee Loan Program
The Newrez Employee Emergency and Disaster Fund is a new program to support our team members
Newrez NOW: Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more
1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice
Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee
Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions