[Remote] Security Vulnerability Analyst
Note: The job is a remote job and is open to candidates in USA. National Student Clearinghouse is a nonprofit organization that provides data and compliance solutions for education. The Security Vulnerability Analyst plays a critical role in identifying and remediating security vulnerabilities across enterprise systems and cloud infrastructure, supporting the organization's cybersecurity posture.

Responsibilities
• Conduct vulnerability scans using enterprise-grade tools (e.g., Wiz, Microsoft Defender, GitLab integrations) across operating systems, applications, and cloud environments
• Analyze scan results to differentiate between true vulnerabilities and false positives, applying contextual knowledge and collaborating with engineering teams to validate findings
• Maintain and improve the vulnerability exception process, including documentation and workflows for justified exclusions
• Generate and present detailed reports on vulnerability trends, remediation status, and overall risk posture to stakeholders
• Collaborate with DevSecOps, Cloud Engineering, Network, and Infrastructure teams to assign ownership and prioritize remediation efforts based on severity, exploitability, and business impact
• Recommend enhancements to scanning configurations and detection logic to improve accuracy and reduce noise
• Support compliance initiatives by aligning vulnerability management practices with internal policies and industry standards such as NIST SP 800-40 and PCI DSS
• Assist in configuring and interpreting Web Application Firewall (WAF) data to identify vulnerabilities and reduce false positives
• Monitor emerging vulnerabilities and threat intelligence feeds to identify potential risks before they impact systems and recommend timely mitigation strategies
• Contribute to the development and refinement of vulnerability management policies, standards, and automation workflows to enhance program efficiency and scalability
• Perform other duties as assigned

Skills
• Associates degree in Information Technology, Cybersecurity, or a related field. A combination of education and experience including military service will also be considered
• Minimum of 3 years of experience in vulnerability management, security operations, or a related role
• Proficiency in cloud platforms (AWS, Azure, GCP) for managing scalable infrastructure
• Experience with vulnerability management tools, especially Wiz; familiarity with Microsoft Defender and GitLab integrations is a plus
• Strong scripting skills in Python, Bash, or Go for automating tasks and supporting CI/CD pipelines
• Knowledge of system health and performance monitoring tools (e.g., Prometheus, Grafana, ELK stack); Datadog experience preferred
• Expertise in Git-based workflows and CI/CD tools such as Jenkins, GitLab CI, or GitHub Actions
• Ability to manage on-call rotations, perform root cause analysis, and lead post-mortem processes
• Strong diagnostic skills for resolving complex system issues
• Excellent communication and interpersonal skills for cross-functional collaboration
• Adaptability to evolving technologies and a proactive approach to learning new tools
• Solid understanding of Linux/Unix systems, networking fundamentals, and web architecture
• Familiarity with security practices including IAM least privilege, policy-as-code, secrets management, and audit logging; experience with Wiz is a plus
• Ability to measure and improve reliability using DORA and operational metrics (e.g., MTTR, deployment frequency)
• Must live within a commutable distance to Herndon, VA or in one of the Clearinghouse's approved States for hiring purposes
• Must be currently authorized to work in the United States on a full-time basis. We do not intend to sponsor external applicants for work visas, and may consider sponsorship only if no qualified candidates can be found who are authorized to work without sponsorship
• Must be at least 18 years old
• Bachelor's degree in computer science, cybersecurity, or a related discipline
• Industry certifications such as CompTIA Security+, CISSP, or GIAC
• Experience working in cloud environments (AWS, Azure, GCP)
• Familiarity with compliance frameworks such as NIST, PCI DSS, or ISO 27001

Benefits
• Comprehensive medical, dental, and vision insurance
• Life and disability insurance benefits
• Health care, dependent care, and limited purpose flexible spending accounts
• Health savings account with annual employer contributions of $300 for employees and $600 for employees who are enrolled with their spouse and/or dependents
• Voluntary supplemental health plans for Accident and Hospital Indemnity coverage
• Infertility coverage
• 401k matching contribution program
• Competitive paid leave program consisting of vacation, sick, and personal time
• Paid holidays
• Up to 3 weeks of paid parental leave during a 12-month period
• Up to 5 days of paid military leave per calendar year
• Up to 32 hours of accrued sick time as personal time
• At least 15 paid holidays per year
• Reimbursement for basic wholesale company and roadside assistance memberships
• Buy back on portions of unused accrued vacation based on tenure and certain other qualifications
• Employee Education Assistance Program
• LinkedIn Learning subscription
• Mental health with up to eight free therapy sessions for employees and their family members
• Well-being reward benefits
• Service credit towards the Public Service Loan Forgiveness program (PSLF)

Company Overview
• The Clearinghouse helps educational institutions improve efficiency, reduce costs and workload, and enhance the quality of service.
It was founded in 1993, and is headquartered in Herndon, Virginia, USA, with a workforce of 201-500 employees. Its website is