ZipRecruiter

Log In

1

Cyber Security Vulnerability Analyst Jobs (NOW HIRING)

Coalfire

Vulnerability Analyst

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team ... Analyze scan results for false positives, document justifications, and prepare deviation requests ...

Booz Allen Hamilton

Vulnerability Analyst

Rockville, MD · On-site

$69K - $158K/yr

Serve as a Vulnerability and Threat Analyst responsible for supporting an enterprise cybersecurity program through continuous monitoring, vulnerability identification, risk analysis, and remediation ...

Coalfire

Vulnerability Analyst

Charleston, WV · Remote

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team ... Analyze scan results for false positives, document justifications, and prepare deviation requests ...

next page

Showing results 1-20

All JobsCyber Security Vulnerability Analyst Jobs

Cyber Security Vulnerability Analyst information

See salary details

$43K

$99.4K

$150K

How much do cyber security vulnerability analyst jobs pay per year?

As of Jun 9, 2026, the average yearly pay for cyber security vulnerability analyst in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Vulnerability Analyst, and why are they important?

To thrive as a Cyber Security Vulnerability Analyst, you need a solid understanding of network security, vulnerability assessment methodologies, and a background in information technology or computer science. Familiarity with tools like Nessus, Qualys, and Metasploit, as well as certifications such as CompTIA Security+ or CEH, is highly beneficial. Strong analytical thinking, attention to detail, and effective communication skills help analysts identify risks and convey findings to both technical and non-technical stakeholders. These skills ensure vulnerabilities are accurately discovered, prioritized, and addressed to protect organizational assets from cyber threats.

What is the difference between Cyber Security Vulnerability Analyst vs Penetration Tester?

AspectCyber Security Vulnerability AnalystPenetration Tester
CertificationsCompTIA Security+, CEH, CISSPOSCP, CEH, GPEN
Work EnvironmentAnalyzes systems for vulnerabilities, reports findingsSimulates attacks to test security defenses
Employer & Industry UsageCommon in IT security teams across various industriesOften hired for security assessments and audits

While both roles focus on cybersecurity, a Cyber Security Vulnerability Analyst primarily identifies and reports vulnerabilities, whereas a Penetration Tester actively exploits weaknesses to test security measures. The analyst's role is more about assessment and documentation, while the tester simulates real-world attacks to evaluate defenses.

What does a Cyber Security Vulnerability Analyst do?

A Cyber Security Vulnerability Analyst is responsible for identifying, assessing, and prioritizing security vulnerabilities in computer systems, networks, and software. They use specialized tools to scan for weaknesses, analyze security risks, and recommend mitigation strategies to protect against cyber threats. Their work is crucial in helping organizations prevent data breaches and maintain strong security postures by proactively addressing potential points of exploitation.

What are some common challenges faced by Cyber Security Vulnerability Analysts when prioritizing vulnerabilities for remediation?

Cyber Security Vulnerability Analysts often face the challenge of balancing limited resources with the need to address a high volume of vulnerabilities. Prioritization must consider factors like the severity of the vulnerability, the criticality of affected systems, and potential business impact. Analysts work closely with IT and development teams to ensure patches and mitigations are deployed effectively, often under tight deadlines and with evolving threat landscapes. Communication and collaboration skills are essential, as conveying risk to non-technical stakeholders is a key part of the role.
More about Cyber Security Vulnerability Analyst jobs
What cities are hiring for Cyber Security Vulnerability Analyst jobs? Cities with the most Cyber Security Vulnerability Analyst job openings:
What job categories do people searching Cyber Security Vulnerability Analyst jobs look for? The top searched job categories for Cyber Security Vulnerability Analyst jobs are:
Cyber Security Vulnerability Analyst jobs near you
Infographic showing various Cyber Security Vulnerability Analyst job openings in the United States as of June 2026, with employment types broken down into 2% Locum Tenens, 93% Full Time, and 5% Contract. Highlights an 80% Physical, 6% Hybrid, and 14% Remote job distribution, with an average salary of $99,400 per year, or $47.8 per hour.
CyberSecurity - Vulnerability Assessment Analyst II

CyberSecurity - Vulnerability Assessment Analyst II

Agile Defense

Huntsville, AL

Other

Posted 5 days ago

Job description

About Agile Defense
 
At Agile Defense we know that action defines the outcome and new challenges require new solutions. That's why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.
 
Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility-leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests.

Requisition #: 1642
Job Title: CyberSecurity - Vulnerability Assessment Analyst II
Location: Huntsville, AL
Clearance Level: Secret, Must Have Clearance to Start
Required Certification(s): IAT2
Job Description
Role Overview
 
The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission-critical role involves utilizing DoD-approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats.
 
Duties and Responsibilities:
 
Vulnerability Scanning
  • Execute routine and ad-hoc vulnerability, compliance, and discovery scans using DoD-mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker.
Analysis & Reporting
  • Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership.
Mitigation & Remediation
  • Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies.
Compliance & Directives
  • Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives.
Tool & Infrastructure Management
  • Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment.
Other Duties:
  • Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
  • Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
  • Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts.
Education and Background
  • Typically has a bachelor degree, and 2-3 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.
  • Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field.
  •  DoD Directive Compliance: Must meet DoD 8140/8570.01-M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent).
Years of Experience
Experience: 2-3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment.
 
Required Skills
  • Technical Proficiency: Hands-on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset.
  • RMF & POA&M Management: Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&Ms) for IT systems. Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer-utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained.
  • Technical Oversight: Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best-practice remediations to the Customer verbally and in formal written formats.
  • Continuous Monitoring: Deep understanding and working familiarity with Continuous Monitoring (CONMON) practices, policies, and execution is required.
Preferred Skills
  • Advanced Certifications: Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), or ACAS-specific training certificates.
  • Army Specific Systems: Familiarity with Army-specific cyber regulations (e.g., AR 25-2).
  • Automation & Scripting: Experience using PowerShell, Python, or Bash to automate vulnerability data parsing or compliance checking.
  • Process Optimization: Demonstrated ability to evaluate and recommend automation capabilities to processes to formalize and standardize validation and reporting, as well as design innovative approaches to displaying data analytics for an in-depth understanding of potential issues related to the Customer's Systems.
  • Project & Team Dynamics: Experience with Agile project management methodologies, DoD Records Management tenets, and the ability to innovate in a highly fluid, fast-paced environment.
Working Conditions
Onsite 5 days per week during Core Business hours. Working directly with the Customer and other Contractors to ensure exceptional service delivery.
Our Core Values
 
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. 
 
What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.
 
  • Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.
  • Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.
  • Honest - Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.
  • Humble - Be Grounded. Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.
  • Hungry - Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.
  • Hustle - Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.
 
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
apply for this job

Apply