[Remote] Senior Security Analyst, Vulnerability Management at Vanta

United States

Compensation: $139,000 – $164,000
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Compliance, Cloud Security

Requirements

  • 4+ years of experience in information security or vulnerability management roles, with 2+ years in a FedRAMP environment
  • Deep understanding of FedRAMP controls and ConMon/POA&M reporting processes
  • Strong experience with vulnerability management tools (e.g., Tenable/Nessus, AWS-native tools, SAST, DAST, and related tools)
  • Familiarity with cloud-native environments (especially AWS) and CI/CD pipelines
  • Proven ability to triage vulnerabilities based on severity, risk, and context, and align with remediation timelines
  • Clear, concise communicator—able to collaborate with both technical and non-technical teams and provide context to compliance stakeholders
  • Highly organized with excellent documentation skills
  • Experience with Jira and GRC platforms a plus

Responsibilities

  • Lead the vulnerability management program for Vanta’s FedRAMP-authorized systems and environments
  • Analyze, prioritize, and track vulnerabilities from internal tools (e.g. Semgrep, Tenable), external assessments, and our bug bounty program
  • Coordinate remediation timelines with engineering and infrastructure teams in alignment with defined SLAs
  • Work with the GRC team to develop, manage, and maintain Plan of Actions & Milestones (POA&Ms), ensuring completeness, accuracy, and timeliness
  • Support monthly and quarterly FedRAMP continuous monitoring (ConMon) activities, including monthly authenticated scans, reporting, and stakeholder updates
  • Create and maintain documentation and dashboards for vulnerability status, POA&M metrics, and compliance reporting
  • Partner with compliance teams to ensure alignment with SSPs, audit readiness, and risk tracking
  • Assist with incident response and root cause analysis if a vulnerability leads to an exposure
  • Assist with investigating discovered vulnerabilities to determine whether they have been exploited
  • Recommend improvements in scanning processes, tooling, and communication workflows
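The triage, SLA tracking, and POA&M reporting responsibilities above are easier to picture with a concrete model. The following is an added example (not Vanta's tooling or code) of a minimal POA&M tracker: it maps CVSS scores to FedRAMP's High/Moderate/Low bands, assigns the FedRAMP ConMon remediation windows of 30, 90, and 180 days from discovery, orders the work queue using context (internet exposure, known exploitation) without changing the compliance due date, and produces the overdue and pending-deviation-request counts a monthly ConMon summary needs. The findings, asset names, the `triage_priority` weighting, and the `as_of` date are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# FedRAMP ConMon remediation windows, counted from the date of discovery.
# High (which absorbs CVSS Critical) 30 days, Moderate 90 days, Low 180 days.
REMEDIATION_DAYS = {"High": 30, "Moderate": 90, "Low": 180}


def fedramp_severity(cvss: float) -> str:
    """Map a CVSS base score to the FedRAMP severity band used for POA&M timelines."""
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Moderate"
    return "Low"


@dataclass
class Finding:
    finding_id: str
    source: str                 # e.g. "tenable", "semgrep", "bugbounty"
    cvss: float
    discovered: date
    asset: str
    internet_facing: bool = False
    known_exploited: bool = False
    status: str = "open"        # open | remediated | false_positive

    @property
    def severity(self) -> str:
        return fedramp_severity(self.cvss)

    @property
    def due(self) -> date:
        # The POA&M due date is fixed by severity and discovery date only.
        return self.discovered + timedelta(days=REMEDIATION_DAYS[self.severity])


def triage_priority(f: Finding) -> int:
    """Ordering within the queue (lower works first). Context such as exposure
    and known exploitation moves an item up but never changes its due date.
    The weights here are an assumption of this example."""
    base = {"High": 0, "Moderate": 10, "Low": 20}[f.severity]
    if f.known_exploited:
        base -= 2
    if f.internet_facing:
        base -= 1
    return base


def poam_report(findings, as_of: date) -> dict:
    """Numbers for a monthly ConMon POA&M summary as of a given date."""
    tracked = [f for f in findings if f.status == "open"]
    # False positives stay on the books until a Deviation Request is approved.
    pending_dr = [f.finding_id for f in findings if f.status == "false_positive"]
    open_by_sev = {s: 0 for s in REMEDIATION_DAYS}
    overdue = []
    for f in tracked:
        open_by_sev[f.severity] += 1
        if as_of > f.due:
            overdue.append((f.finding_id, f.severity, (as_of - f.due).days))
    queue = sorted(tracked, key=lambda f: (triage_priority(f), f.due))
    return {
        "open_by_severity": open_by_sev,
        "overdue": overdue,
        "pending_deviation_requests": pending_dr,
        "work_queue": [f.finding_id for f in queue],
    }


# Constructed sample findings (hypothetical identifiers and assets).
SAMPLE_FINDINGS = [
    Finding("F-001", "tenable", 9.8, date(2024, 4, 20), "bastion", True, True),
    Finding("F-002", "semgrep", 6.5, date(2024, 5, 10), "api", True),
    Finding("F-003", "tenable", 3.1, date(2024, 1, 15), "build-runner"),
    Finding("F-004", "bugbounty", 7.5, date(2024, 5, 15), "web", True),
    Finding("F-005", "tenable", 8.1, date(2024, 3, 1), "db", status="false_positive"),
    Finding("F-006", "tenable", 5.0, date(2024, 2, 1), "cache", status="remediated"),
    Finding("F-007", "tenable", 4.0, date(2024, 2, 20), "ldap"),
]
AS_OF = date(2024, 6, 1)

if __name__ == "__main__":
    for key, value in poam_report(SAMPLE_FINDINGS, AS_OF).items():
        print(f"{key}: {value}")
```

Note that the two overdue items (F-001 and F-007) are late by the same 12 days but sit at opposite ends of the queue: the internet-facing, known-exploited High finding is worked first, while the Moderate LDAP finding is only overdue because the 90-day window has lapsed. Separating "what to fix next" from "what is late" is what keeps the POA&M honest with assessors while still reflecting real risk to engineering.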

Skills

Key technologies and capabilities for this role

Vulnerability Management, FedRAMP, ConMon, POA&M, Semgrep, Tenable, GRC, Continuous Monitoring, Bug Bounty, SLA Management, Compliance Reporting

Questions & Answers

Common questions about this position

What is the salary range for the Senior Security Analyst role?

The salary range is $139K - $164K.

Is this position remote?

Yes, the position is remote.

What skills and experience are required for this role?

Candidates need 4+ years in information security or vulnerability management, with 2+ years in FedRAMP environments, deep understanding of FedRAMP controls and ConMon/POA&M processes, strong experience with tools like Tenable/Nessus and AWS-native tools, and familiarity with cloud-native AWS environments and CI/CD pipelines.

What is the company culture like at Vanta?

Vanta has a kind and talented team, and many team members have succeeded without prior security experience.

What makes a candidate successful in this role?

Success requires proven ability to triage vulnerabilities based on severity, risk, and context, align with remediation timelines, and be a clear, concise communicator who collaborates well with technical and non-technical teams, along with being highly organized.

Vanta

Automates SOC 2 compliance for businesses

About Vanta

Vanta simplifies the process of obtaining and maintaining SOC 2 certification, which is essential for organizations that manage sensitive customer data. The company offers a software-as-a-service (SaaS) platform that automates numerous checks to ensure that security controls are effective and compliant with industry standards. This automation helps small to medium-sized enterprises (SMEs) and tech companies monitor risks and vulnerabilities continuously, significantly reducing the time and cost associated with achieving SOC 2 compliance. Vanta's subscription-based model provides clients with a more efficient and cost-effective way to maintain compliance compared to traditional methods. The goal of Vanta is to transform the compliance process, allowing organizations to focus on their core operations while enhancing their security posture.

Headquarters: San Francisco, California
Year Founded: 2018
Total Funding: $343.4M
Company Stage: Series C
Industries: Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

100% Benefits Coverage
Flexible & Remote Work
Paid Parental Leave
Unlimited PTO
Health & Wellness
401(k)

Risks

Emerging competitors like ComplyCube could challenge Vanta's market position.
Healthcare data breaches may increase demand for more robust security measures.
Reliance on partnerships like HITRUST poses risks if standards evolve significantly.

Differentiation

Vanta automates up to 90% of audit preparation, reducing compliance costs significantly.
The platform offers real-time insights, enhancing trust and streamlining security reviews.
Vanta's HITRUST e1 solution automates 80% of requirements, ensuring continuous compliance.

Upsides

Vanta secured $150M in Series C funding, boosting its growth potential.
Partnership with HITRUST enhances Vanta's credibility in the healthcare sector.
Rising demand for automated compliance solutions supports Vanta's market expansion.
