Senior Security Analyst, Vulnerability Management

Vanta

Remote (U.S.)
$139,000 - $164,000
Full-time
Security Analyst

Job Description

Senior Security Analyst, Vulnerability Management

At Vanta, we're on a mission to help businesses earn and prove trust. We believe security should be a continuous process, not a one-time event. If you're passionate about securing cloud environments and thrive on tackling complex security challenges, join our talented team and help shape the future of security operations!

As a Senior Security Analyst focused on Vulnerability Management, you'll be a key player in safeguarding our systems, with a strong focus on maintaining compliance with FedRAMP's rigorous continuous monitoring (ConMon) and POA&M reporting requirements. You'll collaborate closely with engineering, compliance, and cloud infrastructure teams to ensure vulnerabilities are managed efficiently and transparently across the board.

If you're ready to take ownership of a critical security function, drive cross-functional security initiatives, and make a real impact in a fast-growing company, this is your chance!

What You'll Do:
Lead the vulnerability management program for Vanta’s FedRAMP-authorized systems and environments, ensuring its effectiveness and continuous improvement.
Perform in-depth analysis, prioritization, and meticulous tracking of vulnerabilities identified through internal tools, external assessments, and our bug bounty program (using tools like Semgrep, Tenable, etc.).
Coordinate remediation timelines with engineering and infrastructure teams, adhering to defined SLAs and ensuring timely resolution of vulnerabilities.
Collaborate with the GRC team to develop, manage, and maintain comprehensive Plan of Actions & Milestones (POA&Ms), ensuring completeness, accuracy, and adherence to deadlines.
Support monthly and quarterly FedRAMP continuous monitoring (ConMon) activities, including authenticated scans, detailed reporting, and proactive updates to stakeholders.
Develop and maintain clear, concise documentation and insightful dashboards to track vulnerability status, POA&M metrics, and compliance reporting.
Partner closely with compliance teams to ensure seamless alignment with System Security Plans (SSPs), maintain audit readiness, and proactively track and manage risks.
Assist with incident response and conduct thorough root cause analysis in the event a vulnerability leads to a security exposure.
Investigate discovered vulnerabilities to determine potential exploitation and assess the impact on our systems.
Recommend and implement improvements in scanning processes, tooling, and communication workflows to enhance the effectiveness of our vulnerability management program.

What You'll Need to Succeed:
4+ years of experience in information security or vulnerability management, including 2+ years working within a FedRAMP environment.
A solid understanding of FedRAMP controls and ConMon/POA&M reporting processes, with the ability to apply them effectively.
Hands-on experience with vulnerability management tools (e.g., Tenable/Nessus, AWS-native tools, SAST, DAST, and related technologies).
Familiarity with cloud-native environments (especially AWS) and CI/CD pipelines, including security best practices.
A proven track record of triaging vulnerabilities based on severity, risk, and context, and aligning them with appropriate remediation timelines.
Excellent communication skills, with the ability to collaborate effectively with both technical and non-technical teams and provide clear context to compliance stakeholders.
Exceptional organizational skills and a commitment to maintaining accurate and comprehensive documentation.
Experience with Jira and GRC platforms is a definite plus.

What You Can Expect as a Vanta'n:
Industry-competitive compensation
100% covered medical, dental, and vision benefits with dependents coverage
16 weeks fully-paid parental leave for all new parents
Health & Wellness Stipend
Remote Workspace Stipend
401(k) Matching Plan
Flexible work hours and location
Open & Encouraged PTO Policy
9 Company Paid Holidays
Offices in SF, NYC, London, Dublin, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.


At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta

We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged.

Now more than ever, making security continuous, not just a point-in-time check, is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust, all in a way that's real-time and transparent.