Cybersecurity Vulnerability Analyst

Summary: The Cybersecurity Operations Vulnerability Analyst is responsible for configuring, executing, analyzing, and reporting all aspects of the firm’s Vulnerability Management program. Reporting to the Director of Cybersecurity Operations, this role will be responsible for the daily execution of vulnerability scans on premise and in the cloud, consolidation of scanning results, and coordination with functional stakeholders to remediate findings. This role will serve as the analytical focal point for the firm’s vulnerability management program. Duties & Responsibilities:

• Leverage threat intelligence feeds and vulnerability management tools to identify vulnerabilities across endpoints, servers, and applications and triage assessments based on likelihood and impact of vulnerability information on the Covington environment.
• Collaborate with internal business units throughout the vulnerability management lifecycle.
• Apply foundational cybersecurity and networking knowledge to analyze risk and support security operations, including understanding common vulnerability types, attack lifecycles and tactics, and core networking concepts such as protocols, services, and attack techniques. Leverage awareness of compensating controls, layered defenses, and the broader threat landscape to contextualize vulnerabilities, assess potential impact, and support informed remediation.
• Apply foundational risk management concepts to assess and contextualize security issues, including understanding risk terminology, risk appetite, attack surface, and risk treatment options. Evaluate vulnerabilities using likelihood and impact considerations, apply threat modeling concepts to understand potential attack paths, and support informed risk based decision making across security operations and remediation efforts.
• Leverage internal ticketing and communication systems to manage and track security related work, ensuring accurate documentation, clear timelines, and adherence to remediation SLAs, while maintaining situational awareness, applying appropriate follow up cadence, and escalating emerging risks or threats to leadership with clear articulation of impact and urgency through professional and timely communication.
• Apply sound judgment and attention to detail to assess security issues, prioritize work, communicate clearly and professionally, maintain situational awareness of threat activity, and contribute collaboratively while demonstrating initiative and flexibility.
• Follow and maintain documented procedures, stay current on policies and tooling, identify and document process gaps, contribute to VM program documentation, and support operations through accurate metric reporting as needed.
• Follow change management and patch management lifecycles.
• Leverage internal CMDB and other asset tracking solutions to map vulnerabilities and triage efforts.
• Perform additional duties as appropriate to support the CISO-org.
• Uphold high standards of confidentiality, discretion, and integrity, particularly with respect to all sensitive and/or confidential firm and client information to which this position will have access.

Qualifications:

• Minimum of 3 years’ experience as a Vulnerability Analyst OR minimum of 5 years’ experience in Information Security, Penetration/Offensive testing, and/or Cybersecurity professional role with core responsibilities in Vulnerability Management.
• Communicates clearly and professionally in both written and verbal contexts and shows intellectual curiosity by identifying knowledge gaps and pursuing deeper understanding.
• Demonstrates critical thinking and analytical skills, with the ability to independently assess situations, apply investigative methods, and draw reasonable conclusions.
• Exhibits strong attention to detail when working with tickets and complex or technical information, paired with effective time management and task prioritization.
• Works collaboratively within a team environment, contributes to shared problem solving and knowledge sharing, and demonstrates flexibility.
• Knowledge of common vulnerability types such as CVEs, End-of-life/Support, misconfiguration, design flaws, supply chain and dependencies, architectural, administrative, and human vulnerability.
• Hands-on experience with vulnerability scanners.
• Knowledge and use of risk assessment frameworks such as OCTAVE preferred.
• Bachelor’s degree in computer science, information systems, cybersecurity or related field optional.
• GIAC, ISACA, CompTIA, and/or ISC2 technical certifications are preferred.
• Position requires access to equipment, software, or technology that is subject to U.S. export controls. To be granted access pursuant to US Export Control laws, candidate must be either (

Apply tot his job Apply To this Job