High Risk Security Jobs in Arizona (NOW HIRING)

Role : RemOps - InfoSec
Location : Phoenix AZ (onsite 3 days in office)
Overview:
The Information Security Analyst for the Remediation Operations team is responsible for evaluating security exceptions, assessing associated risk, and driving remediation of critical and high-risk vulnerabilities across applications and platforms. This role operates within the Application Security and Infrastructure Security ecosystem, ensuring adherence to Enterprise Vulnerability standards and reducing enterprise risk exposure.
Key Responsibilities:
Exception Review & Risk Assessment
• Review and assess security exception requests for compliance with Enterprise Vulnerability standards and supporting policies.
• Validate business justifications, compensating controls, and risk responses (Mitigate, Accept, Transfer, Avoid).
• Ensure exceptions align with the Exceptions Management Program and include required documentation and leadership approvals.
• Challenge insufficient or unjustified exceptions, prioritizing remediation over risk acceptance.
Vulnerability Governance & Remediation Oversight
• Monitor and track critical and high vulnerabilities across application and infrastructure portfolios.
• Enforce remediation timelines in accordance with defined Service Level Objectives (SLOs).
• Ensure vulnerabilities exceeding SLOs are either remediated or formally documented via approved exceptions.
• Validate remediation through coordination with security tooling, rescans, or evidence-based confirmation.
Stakeholder Engagement & Reach-Out
• Proactively engage application and platform owners with critical risk exposure or past-due vulnerabilities.
• Communicate risk clearly, including exploitability, business impact, and compliance implications.
• Drive accountability through follow-ups, escalation paths, and alignment with leadership where required.
• Support application teams in understanding remediation options and security requirements.
Security Tooling & Data Analysis
• Leverage results from enterprise security tools (e.g., SAST, DAST, SCA, IRIS, Tenable, API security tools) to identify and track vulnerabilities.
• Analyze risk metrics, dashboards, and reports (e.g., Application Health, vulnerability reports) to prioritize actions.
• Correlate findings across tools to identify systemic risk patterns and recurring issues.
Policy & Standards Alignment
• Ensure adherence to:
• Application Security Policy
• Enterprise Vulnerability Standard
• Application Vulnerability Management Procedure
• Interpret and translate policy requirements into actionable guidance for engineering teams.
• Identify gaps or non-compliance and recommend corrective actions.
Continuous Threat Exposure Management (CTEM) Support
• Contribute to continuous risk identification, prioritization, and validation efforts.
• Support risk-based prioritization using exploitability, asset criticality, and exposure context.
• Assist in reducing attack surface and improving overall security posture.
Required Qualifications
Technical & Security Expertise
• Strong understanding of:
• Application Security (OWASP Top 10, secure coding practices)
• Vulnerability management lifecycle and risk-based prioritization
• Security testing methodologies (SAST, DAST, SCA, API security)
• Familiarity with enterprise security tools and platforms
• Ability to interpret vulnerability data, CVSS scoring, and exploitability context.
Risk & Governance Knowledge
• Experience with security exceptions management and risk acceptance processes.
• Understanding of SLO-driven remediation and escalation models.
• Ability to assess compensating controls and residual risk.
Communication & Stakeholder Management
• Ability to engage technical and non-technical stakeholders effectively.
• Strong written and verbal communication skills for risk articulation and escalation.
• Experience driving remediation through influence rather than authority.
Preferred Qualifications
• Experience within financial services or highly regulated environments.
• Familiarity with Enterprise Vulnerability Management or similar enterprise security frameworks.
• Exposure to CTEM practices and risk-based security operations.
• Experience working with cloud, APIs, or distributed systems.
Key Success Metrics
• Reduction in critical/high vulnerabilities past SLO
• Decrease in exception volume and aging exceptions
• Improved application security posture
• Timely engagement and remediation outcomes with application teams
• Quality and completeness of exception reviews and risk assessments
Role Positioning
This role is not a passive reviewer. It is an active risk driver responsible for:
• Enforcing security standards
• Driving remediation outcomes
• Preventing misuse of exceptions as a substitute for fixing risk