Senior Vulnerability Management Analyst

{
  "content_hash": "24fbfcb1c3492c845dddb40142f744c2c72f3cc9a57cadf53a9a5f6dcda97f42",
  "source_hash": "4f59e46e0dc7429830b1ba424c0fa5b3de148ed5bb0107e1a7daf470413844dd",
  "last_changed_at": "2026-06-06T09:44:27.284Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Scottsdale, AZ",
    "city": "Scottsdale",
    "region": "AZ",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T19:41:18.435Z",
  "launch_scope": {
    "reason": "workday_production_catalog",
    "included": true,
    "location": {
      "raw": "Scottsdale, AZ",
      "city": "Scottsdale",
      "region": "AZ",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": null,
  "workplace_type": "hybrid",
  "salary_currency": null
}

{}

{
  "list_job": {
    "title": "Senior Vulnerability Management Analyst",
    "postedOn": "Posted 2 Days Ago",
    "bulletFields": [
      "R0005025"
    ],
    "externalPath": "/job/Scottsdale-AZ/Senior-Vulnerability-Management-Analyst_R0005025",
    "locationsText": "Scottsdale, AZ"
  },
  "detail_errors": [],
  "detail_job_posting_info": {
    "id": "62b0c56709491001aee13274464a0000",
    "title": "Senior Vulnerability Management Analyst",
    "posted": true,
    "country": {
      "id": "bc33aa3152ec42d4995f4791a106ed09",
      "descriptor": "United States of America"
    },
    "canApply": true,
    "jobReqId": "R0005025",
    "location": "Scottsdale, AZ",
    "postedOn": "Posted 2 Days Ago",
    "timeType": "Full time",
    "logoImage": {
      "alt": "Osaic",
      "src": "/wday/cxs/advisorgroup/Advisor_Career_Site/sidebarimage/fdc1f50d9c2e100158866e3657b90000"
    },
    "startDate": "2026-06-04",
    "externalUrl": "https://advisorgroup.wd1.myworkdayjobs.com/Advisor_Career_Site/job/Scottsdale-AZ/Senior-Vulnerability-Management-Analyst_R0005025",
    "jobPostingId": "Senior-Vulnerability-Management-Analyst_R0005025",
    "jobDescription": "<h1><a href=\"https://www.myworkday.com/advisorgroup/d/home.htmld\" target=\"_blank\"><span class=\"emphasis-3\">Current Employees and Contractors Apply Here</span></a></h1><h1>Osaic Careers</h1><p><b>IT Vulnerability Opportunity in Financial Services </b></p><p><b>Senior Vulnerability Management Analyst </b></p><p></p><p><b>Location(s): </b></p><p>Atlanta: 2300 Windy Ridge Pkwy SE, Suite750, Atlanta, GA 30339</p><p>La Vista:12325 Port Grace Blvd, La Vista, NE 68128</p><p>Oakdale: 7755 3rd St. N, Oakdale, MN 55128</p><p>Scottsdale: 18700 N Hayden Rd, Suite 255, Scottsdale, AZ 85255</p><p>St. Petersburg: 877 Executive Center Dr. W, Suite 300, St. Petersburg, FL 33702</p><p></p><p>Osaic has returned to the office on a hybrid schedule requiring a minimum of 4 days weekly in the office. Applicants should be located at one of our hubs listed above and must be willing to work this schedule.</p><p></p><p><b>Role Type:        </b>Full-time, Non-Exempt</p><p></p><p><b>Salary:</b> $114,000 - $160,000 per year &#43; annual performance-based bonus</p><p>Actual compensation offered will be determined individually, based on a number of job-related factors, including location, skills, licensure, experience, and education.</p><p></p><p>Our competitive compensation is just one component of Osaic’s total compensation package. Additional benefits include health, vision, dental insurance, 401k, paid time away, volunteer days and much more. To view more details of what you can look forward to, visit our careers page: <a href=\"https://careers.osaic.com/Creative/Benefits\" target=\"_blank\">Osaic Benefits</a>.</p><p></p><p><b>Summary: </b></p><p></p><p>We’re seeking a <b>Senior Vulnerability Analyst</b> to lead and mature our enterprise vulnerability programs across <b>SDLC (secure development lifecycle), external attack surface</b>, and <b>internal infrastructure/applications</b>. This role drives end‑to‑end vulnerability lifecycle management, from discovery and risk triage to remediation validation and program metrics, while partnering closely with Engineering, Product, Cloud/SRE, and IT. You’ll also coordinate <b>penetration testing readiness</b>, evidence collection, and remediation plans, and help embed security into the development workflow. The ideal candidate has strong application development experience, practical threat modeling skills, and a pragmatic approach to risk.</p><p></p><p><b>Education Requirements: </b></p><p>Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.</p><p></p><p><b>Responsibilities: </b></p><ul><li>Lead vulnerability prioritization using CVSS, KEV, exploit intel, and asset criticality.</li><li>Partner with engineering and application teams to remove remediation blockers.</li><li>Own complex vulnerability investigations and coordinate cross-team resolution.</li><li>Mentor junior analysts and help improve internal processes.</li><li>Provide remediation guidance and secure configuration recommendations.</li><li>Help with <b>pen test pre‑work</b>: scope definition, rules of engagement, asset inventories, credential/test data coordination, and stakeholder comms.</li><li>Manage <b>findings intake</b>, severity validation, and <b>remediation plans</b> with accountable owners; track to closure and report to leadership.</li><li>Lead <b>lessons learned</b> and control improvements to reduce recurring issues and improve test efficiency.</li><li>Lead continuous reduction of <b>external attack surface</b>: internet‑exposed services, DNS, certificates, cloud perimeters, API endpoints, and third‑party exposures.</li><li>Partner with Cloud, SRE, and Networking to <b>harden configurations</b>, minimize unknown/legacy exposures, and validate fixes.</li><li>Partner with engineering to mature <b>SAST/DAST/IAST/OSS/SBOM</b> practices, secure build pipelines, and implement <b>“shift‑left”</b> controls (pre‑commit, PR gates, CI quality bars).</li><li>Guide <b>threat modeling</b>, security requirements, and <b>secure coding practices</b>; advise on remediation patterns and safer libraries/frameworks.</li><li>Review <b>architecture and code</b> for high‑risk components (authN/Z, crypto, secrets handling, supply chain, multi‑tenant boundaries).</li><li>All other duties as assigned.</li></ul><p></p><p></p><p><b>Basic Requirements: </b></p><ul><li>Deep technical/domain expertise and ability to lead initiatives.</li><li>Strong understanding of OS, cloud environments, and vulnerability lifecycles.</li><li>Partner with Detection &amp; Response to ensure <b>logging, alerting, and containment</b> strategies account for known weaknesses.</li><li>Target certifications: CISSP, GIAC (GSEC/GCIA/GCIH), CCSP.</li></ul><p></p><p><b>Preferred Requirements: </b></p><ul><li>Experience with KEV catalog operationalization and threat-intel integrations.</li><li>Knowledge of automation platforms</li></ul><h1><a href=\"https://www.myworkday.com/advisorgroup/d/home.htmld\" target=\"_blank\"><span class=\"emphasis-3\">Current Employees and Contractors Apply Here</span></a></h1>",
    "questionnaireId": "4cc2c5b4901501010c5761891dbd0000",
    "jobPostingSiteId": "Advisor_Career_Site",
    "includeResumeParsing": true,
    "jobRequisitionLocation": {
      "country": {
        "id": "bc33aa3152ec42d4995f4791a106ed09",
        "alpha2Code": "US",
        "descriptor": "United States of America"
      },
      "descriptor": "Scottsdale, AZ"
    }
  }
}