[Remote] Security Vulnerability Analyst

Note:The job is a remote job and is open to candidates in USA. National Student Clearinghouse is a nonprofit organization providing educational reporting and data exchange services. The Security Vulnerability Analyst plays a critical role in identifying and remediating security vulnerabilities across enterprise systems and cloud infrastructure, supporting the organization's cybersecurity posture. Responsibilities• Conduct vulnerability scans using enterprise-grade tools (e.g., Wiz, Microsoft Defender, GitLab integrations) across operating systems, applications, and cloud environments.• Analyze scan results to differentiate between true vulnerabilities and false positives, applying contextual knowledge and collaborating with engineering teams to validate findings. • Maintain and improve the vulnerability exception process, including documentation and workflows for justified exclusions. • Generate and present detailed reports on vulnerability trends, remediation status, and overall risk posture to stakeholders. • Collaborate with DevSecOps, Cloud Engineering, Network, and Infrastructure teams to assign ownership and prioritize remediation efforts based on severity, exploitability, and business impact.• Recommend enhancements to scanning configurations and detection logic to improve accuracy and reduce noise. • Support compliance initiatives by aligning vulnerability management practices with internal policies and industry standards such as NIST SP 800-40 and PCI DSS. • Assist in configuring and interpreting Web Application Firewall (WAF) data to identify vulnerabilities and reduce false positives. • Monitor emerging vulnerabilities and threat intelligence feeds to identify potential risks before they impact systems and recommend timely mitigation strategies.• Contribute to the development and refinement of vulnerability management policies, standards, and automation workflows to enhance program efficiency and scalability. • Perform other duties as assigned. Skills• Associates degree in Information Technology, Cybersecurity, or a related field. A combination of education and experience including military service will also be considered. • Minimum of 3 years of experience in vulnerability management, security operations, or a related role. • Proficiency in cloud platforms (AWS, Azure, GCP) for managing scalable infrastructure.• Experience with vulnerability management tools, especially Wiz; familiarity with Microsoft Defender and GitLab integrations is a plus. • Strong scripting skills in Python, Bash, or Go for automating tasks and supporting CI/CD pipelines. • Knowledge of system health and performance monitoring tools (e.g., Prometheus, Grafana, ELK stack); Datadog experience preferred. • Expertise in Git-based workflows and CI/CD tools such as Jenkins, GitLab CI, or GitHub Actions. • Ability to manage on-call rotations, perform root cause analysis, and lead post-mortem processes.• Strong diagnostic skills for resolving complex system issues. • Excellent communication and interpersonal skills for cross-functional collaboration. • Adaptability to evolving technologies and a proactive approach to learning new tools. • Solid understanding of Linux/Unix systems, networking fundamentals, and web architecture. • Familiarity with security practices including IAM least privilege, policy-as-code, secrets management, and audit logging; experience with Wiz is a plus. • Ability to measure and improve reliability using DORA and operational metrics (e.g., MTTR, deployment frequency).• Must live within a commutable distance to Herndon, VA or in one of the Clearinghouse's approved States for hiring purposes. • Must be currently authorized to work in the United States on a full-time basis. We do not intend to sponsor external applicants for work visas, and may consider sponsorship only if no qualified candidates can be found who are authorized to work without sponsorship. • Must be at least 18 years old. • Bachelor’s degree in computer science, cybersecurity, or a related discipline.• Industry certifications such as CompTIA Security+, CISSP, or GIAC. • Experience working in cloud environments (AWS, Azure, GCP). • Familiarity with compliance frameworks such as NIST, PCI DSS, or ISO 27001. Benefits• Comprehensive medical, dental, and vision insurance• Life and disability insurance benefits• Health care, dependent care, and limited purpose flexible spending accounts• Health savings account• 401k matching contribution program• Competitive paid leave program consisting of vacation, sick, and personal time• Paid holidays• Up to 3 weeks of paid parental leave during a 12-month period• Up to 5 days of paid military leave per calendar year• Reimbursed for basic wholesale company and roadside assistance memberships• Buy back on portions of unused accrued vacation• Employee Education Assistance Program• Enterprise-wide LinkedIn Learning subscription• Mental health and well-being benefitsCompany Overview• The Clearinghouse helps educational institutions improve efficiency, reduce costs and workload, and enhance the quality of service.It was founded in 1993, and is headquartered in Herndon, Virginia, USA, with a workforce of 201-500 employees. Its website is Apply tot his job