Note: The job is a remote job and is open to candidates in USA. TalentFish is a company focused on cybersecurity, and they are seeking a Vulnerability Management & Offensive Security Analyst. This role involves identifying, assessing, and remediating security vulnerabilities while collaborating with various teams and gaining exposure to penetration testing and security validation initiatives.
Responsibilities
- Perform enterprise vulnerability scans across servers, workstations, network devices, cloud environments, and applications
- Analyze scan results and prioritize vulnerabilities based on business risk and exploitability
- Partner with infrastructure, application, and business teams to coordinate remediation efforts
- Validate completed remediation activities and confirm vulnerabilities have been successfully resolved
- Maintain and optimize vulnerability scanning configurations and schedules
- Track vulnerability metrics and produce reporting for security leadership
- Document findings, recommendations, and remediation guidance
- Assist with penetration testing, offensive security assessments, and Red Team/Purple Team activities
- Research emerging vulnerabilities, attack techniques, and threat intelligence to improve detection and response
- Manage approved vulnerability exceptions and risk acceptance documentation
- Continuously improve vulnerability management processes, standards, and operational maturity
Skills
- Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related discipline (or equivalent professional experience)
- 3–5 years of experience in vulnerability management or cybersecurity
- Strong understanding of vulnerability management lifecycle, risk assessment, and remediation processes
- Experience working with enterprise vulnerability scanning platforms
- Knowledge of networking fundamentals, operating systems, cloud technologies, and web applications
- Excellent analytical, troubleshooting, documentation, and communication skills
- Ability to prioritize multiple security findings and coordinate remediation efforts across technical teams
- Experience with Rapid7 InsightVM or similar vulnerability management platforms
- Exposure to penetration testing or offensive security methodologies
- Security certifications such as Security+, CEH, GSEC, GPEN, or comparable certifications
- Experience participating in Red Team or Purple Team exercises
- Passion for learning offensive security techniques and emerging cyber threats
- Experience supporting healthcare or other highly regulated environments
- Familiarity with CVSS scoring, MITRE ATT&CK Framework, and Common Vulnerabilities and Exposures (CVE)
- Experience with scripting or automation (PowerShell, Python, or Bash)
- Knowledge of cloud security within Azure or AWS environments
Benefits
- Medical, dental, and vision insurance
- 401(k)
- Paid time off
- Additional company-sponsored benefits
Company Overview