ZipRecruiter

Log In

2

Remote Vulnerability Analyst Jobs (NOW HIRING)

Coalfire

Vulnerability Analyst

Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments * Translate technical vulnerability findings into risk-based ...

Coalfire

Vulnerability Analyst

Charleston, WV · Remote

Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments * Translate technical vulnerability findings into risk-based ...

Ntiva

Vulnerability Management Analyst

Mclean, VA · On-site +1

How you'll make an Impact As a Vulnerability Management Analyst, you support Security Engineers by ... This is a hybrid-remote role with approximately 5% on-site work at client sites throughout the US ...

Ntiva

Vulnerability Management Analyst

Mclean, VA · On-site +1

How you'll make an Impact As a Vulnerability Management Analyst, you support Security Engineers by ... This is a hybrid-remote role with approximately 5% on-site work at client sites throughout the US ...

Dragos, Inc.

Senior Software Engineer

Hanover, MD · Remote

$121K - $160K/yr

We're a remote-first culture with operations in North America, Europe, the Middle East, and APAC ... Dragos is seeking a highly skilled Senior Software Engineer to join our Vulnerability Analysis ...

Keeper Security

Senior Vulnerability Engineer

$117K - $160K/yr

This is a 100% remote position, with an opportunity to work a hybrid schedule for candidates based ... Create dashboards and analytics to track vulnerability exposure, remediation SLAs, and risk trends

next page

Showing results 1-20

All JobsRemote Vulnerability Analyst Jobs

Remote Vulnerability Analyst information

See salary details

$31K

$73.3K

$130K

How much do remote vulnerability analyst jobs pay per year?

As of Jun 17, 2026, the average yearly pay for remote vulnerability analyst in the United States is $73,261.00, according to ZipRecruiter salary data. Most workers in this role earn between $52,500.00 and $87,000.00 per year, depending on experience, location, and employer.

What is a Remote Vulnerability Analyst?

A Remote Vulnerability Analyst is a cybersecurity professional who identifies, assesses, and helps mitigate security vulnerabilities in an organization's digital systems, typically while working from a remote location. They analyze networks, applications, and other IT assets to find weaknesses that could be exploited by cyber attackers. Their responsibilities often include conducting vulnerability scans, reviewing security reports, and collaborating with IT teams to recommend solutions. This role is crucial for proactively protecting sensitive data and ensuring the overall security posture of an organization.

What are the key skills and qualifications needed to thrive as a Remote Vulnerability Analyst, and why are they important?

To thrive as a Remote Vulnerability Analyst, you need a strong understanding of cybersecurity principles, vulnerability assessment methodologies, and relevant security frameworks, typically backed by a degree in cybersecurity or related field. Familiarity with tools such as Nessus, Qualys, Burp Suite, and certifications like CEH or CompTIA Security+ are commonly required. Analytical thinking, attention to detail, and effective remote communication are essential soft skills for success in this position. These skills and qualities are crucial for accurately identifying and mitigating security risks, ensuring the protection of organizational assets in a remote work environment.

What is the difference between Remote Vulnerability Analyst vs Remote Security Analyst?

AspectRemote Vulnerability AnalystRemote Security Analyst
CertificationsCompTIA Security+, CEH, OSCPCompTIA Security+, CISSP, CEH
Work EnvironmentRemote, cybersecurity teams, vulnerability managementRemote, security operations centers, incident response
Industry UsageIT, cybersecurity firms, large enterprisesIT, government, financial institutions

Remote Vulnerability Analysts focus on identifying and assessing security weaknesses in systems, while Remote Security Analysts handle broader security monitoring, incident response, and policy enforcement. Both roles require similar certifications and often work remotely within cybersecurity teams, but their core responsibilities differ in scope and focus.

What are some common challenges faced by Remote Vulnerability Analysts and how can they be addressed?

Remote Vulnerability Analysts often encounter challenges such as maintaining effective communication with on-site teams, staying updated with rapidly evolving security threats, and managing multiple vulnerability assessments simultaneously. To overcome these, it's important to utilize collaborative tools, participate in regular virtual meetings, and stay engaged with industry news and professional development. Building strong relationships with other cybersecurity professionals and leveraging automation tools can also help streamline workflows and ensure timely vulnerability remediation.
More about Remote Vulnerability Analyst jobs
What cities are hiring for Remote Vulnerability Analyst jobs? Cities with the most Remote Vulnerability Analyst job openings:
What are the most commonly searched types of Vulnerability Analyst jobs? The most popular types of Vulnerability Analyst jobs are:
What states have the most Remote Vulnerability Analyst jobs? States with the most job openings for Remote Vulnerability Analyst jobs include:
What job categories do people searching Remote Vulnerability Analyst jobs look for? The top searched job categories for Remote Vulnerability Analyst jobs are:
Remote Vulnerability Analyst jobs near you
Infographic showing various Remote Vulnerability Analyst job openings in the United States as of June 2026, with employment types broken down into 27% Full Time, 66% Part Time, and 7% Contract. Highlights an 80% Physical, 6% Hybrid, and 14% Remote job distribution, with an average salary of $73,261 per year, or $35.2 per hour.
Vulnerability Analyst

Vulnerability Analyst

Coalfire

Remote

Full-time

Posted 13 days ago

Job description

About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.
But that's not who we are - that's just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
What You'll Do
  • Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders
  • Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks
  • Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries
  • Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments
  • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed
  • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms
  • Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture
  • Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
  • Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation
  • Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients
  • Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures

What You'll Bring
  • 3-5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
  • Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management
  • Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP
  • Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting
  • Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams
  • Administrator-level certification in AWS, Azure, or GCP
  • Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including ability to assess attack surfaces and recommend cloud-native remediation approaches
  • Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks
  • Understanding of NIST 800-53 security controls, particularly RA-5, SI-2, CM-6, and how continuous monitoring supports control implementation
  • Experience with STIG benchmarks and automated compliance scanning tools (SCAP, SCC)
  • Familiarity with baseline configuration standards (CIS Benchmarks, vendor hardening guides) and compliance posture reporting
  • Ability to distinguish false positives from true vulnerabilities and articulate risk-based justifications for deviation requests
  • Proficiency in scripting languages (Python, PowerShell, Bash) for task automation, report generation, and remediation workflows
  • Strong client-facing communication and documentation skills, with ability to present technical findings to federal stakeholders and produce timely compliance reports
  • Ability to work efficiently with cross-functional technical teams to investigate, prioritize, and coordinate vulnerability remediation efforts
  • Bachelor's degree or equivalent work experience.
  • US citizenship (required due to client contractual requirements)

Bonus Points
  • Security-focused cloud certifications for AWS, Azure, or GCP
  • CISSP certification
  • Familiarity with container security scanning tools (Trivy, Anchore, Snyk) and Kubernetes security postures
  • Knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools
  • Familiarity with CI/CD security integration patterns and DevSecOps toolchains

$78,000 - $135,000 a year
The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
Why You'll Want to Join Us
At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively - whether you're at home or an office.
Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at [email protected].
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Apply