ZipRecruiter

Log In

1

Vulnerability Jobs (NOW HIRING)

Coalfire

Vulnerability Analyst

Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed * Collaborate with development, SRE, ...

AgreeYa Solutions

Vulnerability Engineer

Columbus, OH · On-site

Vulnerability Engineer Location: Columbus OH/ Westerville OH OR Phoenix AZ OR Chandler AZ * Experienced resource capable of independently leading cadence calls with engineers and analysts. * Able to ...

Coalfire

Vulnerability Analyst

Charleston, WV · Remote

Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed * Collaborate with development, SRE, ...

Keeper Security

Senior Vulnerability Engineer

$117K - $160K/yr

Description Keeper Security is hiring an experienced Senior Vulnerability Engineer to design, build, and scale enterprise vulnerability management capabilities across our cloud, application, and ...

AgreeYa Solutions

Vulnerability Eng.

Phoenix, AZ · On-site

Vulnerability Engineer Location: Phoenix AZ/ Westerville OH * Experienced resource capable of independently leading cadence calls with engineers and analysts. * Able to communicate effectively with ...

REDLattice

Vulnerability Researcher

Chantilly, VA · On-site

Our teams lead advanced vulnerability analysis and develop tailored cyber solutions to meet the demands of rapidly evolving mission space. With offices in Northern Virginia, Melbourne, Florida, Tel ...

Corporate Services

Sr. Vulnerability Analyst

Detroit, MI

$95K - $124K/yr

Senior Vulnerability Analyst is a key role in advancing vulnerability management throughout the HFHS enterprise through technical expertise with a focus on threat intelligence, vulnerability ...

Southern Company

Vulnerability Engineer

Atlanta, GA · On-site

Acts as the Windows vulnerability subject matter expert, overseeing remediation processes and continuously improving enterprise vulnerability management practices * Leads enterprise Windows OS and ...

Southern Company

Vulnerability Engineer

Atlanta, GA · On-site

Acts as the Windows vulnerability subject matter expert, overseeing remediation processes and continuously improving enterprise vulnerability management practices * Leads enterprise Windows OS and ...

next page

Showing results 1-20

All JobsVulnerability Jobs

Vulnerability information

See salary details

$37.5K

$107.9K

$143K

How much do vulnerability jobs pay per year?

As of Jun 25, 2026, the average yearly pay for vulnerability in the United States is $107,902.00, according to ZipRecruiter salary data. Most workers in this role earn between $94,000.00 and $117,500.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals working in vulnerability management roles?

Professionals in vulnerability management often face the challenge of keeping up with constantly evolving threats and newly discovered vulnerabilities. Prioritizing which vulnerabilities to address first, especially in large environments with thousands of potential risks, can be demanding. Collaborating with IT, development, and security teams to ensure timely remediation and maintaining clear communication about risk levels are also essential parts of the role. Additionally, balancing the need for quick patching with the risk of disrupting business operations requires careful judgment.

What is the difference between Vulnerability vs Penetration Tester?

AspectVulnerabilityPenetration Tester
Primary FocusIdentifying security weaknesses and vulnerabilities in systemsSimulating cyberattacks to exploit vulnerabilities and test defenses
CertificationsCompTIA Security+, CEH, OSCP (for some roles)OSCP, CEH, GPEN, CISSP (often overlapping)
Work EnvironmentSecurity analysis, vulnerability scanning, reportingActive testing, exploitation, reporting
Industry UsageSecurity assessment, risk managementSecurity testing, red teaming

Vulnerability specialists focus on identifying weaknesses in systems, while penetration testers actively exploit those vulnerabilities to assess security effectiveness. Both roles require similar certifications and work in cybersecurity, but their methods and objectives differ: vulnerability analysts aim to find issues, whereas penetration testers simulate attacks to evaluate defenses.

What are the key skills and qualifications needed to thrive as a Vulnerability Analyst, and why are they important?

To thrive as a Vulnerability Analyst, you need a solid understanding of network security, operating systems, and vulnerability assessment methodologies, typically supported by a degree in cybersecurity or IT and relevant certifications like CompTIA Security+ or CEH. Familiarity with tools such as Nessus, OpenVAS, Metasploit, and vulnerability management platforms is essential. Strong analytical thinking, attention to detail, and effective communication help in identifying risks and explaining findings to diverse stakeholders. These skills ensure timely detection and remediation of security weaknesses, protecting organizations from cyber threats.

What are vulnerability analysts?

Vulnerability analysts are cybersecurity professionals who identify, assess, and help remediate security weaknesses in computer systems, networks, and software. They use various tools and techniques to scan for vulnerabilities, analyze threats, and recommend solutions to mitigate risks. Their work is crucial in preventing cyberattacks and ensuring the security of organizational assets. Vulnerability analysts often collaborate with IT and security teams to prioritize and address vulnerabilities based on their potential impact.
More about Vulnerability jobs
What cities are hiring for Vulnerability jobs? Cities with the most Vulnerability job openings:
What are the most commonly searched types of Vulnerability jobs? The most popular types of Vulnerability jobs are:
What states have the most Vulnerability jobs? States with the most job openings for Vulnerability jobs include:
What job categories do people searching Vulnerability jobs look for? The top searched job categories for Vulnerability jobs are:
Vulnerability jobs near you
Infographic showing various Vulnerability job openings in the United States as of June 2026, with employment types broken down into 92% Full Time, 4% Part Time, and 4% Contract. Highlights an 85% Physical, 5% Hybrid, and 10% Remote job distribution, with an average salary of $107,902 per year, or $51.9 per hour.
Vulnerability Analyst

Vulnerability Analyst

Coalfire

Remote

Full-time

Posted 21 days ago

Job description

About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.
But that's not who we are - that's just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
What You'll Do
  • Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders
  • Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks
  • Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries
  • Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments
  • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed
  • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms
  • Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture
  • Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
  • Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation
  • Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients
  • Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures

What You'll Bring
  • 3-5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles
  • Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management
  • Direct experience supporting vulnerability management in at least two of the following cloud providers: AWS, Azure, GCP
  • Background working within at least one compliance framework (for example, FedRAMP, HITRUST, PCI), including risk assessment and reporting
  • Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams
  • Administrator-level certification in AWS, Azure, or GCP
  • Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including ability to assess attack surfaces and recommend cloud-native remediation approaches
  • Strong knowledge of vulnerability scanning technologies and methods, including scoring systems (CVSS, CMSS) and risk prioritization frameworks
  • Understanding of NIST 800-53 security controls, particularly RA-5, SI-2, CM-6, and how continuous monitoring supports control implementation
  • Experience with STIG benchmarks and automated compliance scanning tools (SCAP, SCC)
  • Familiarity with baseline configuration standards (CIS Benchmarks, vendor hardening guides) and compliance posture reporting
  • Ability to distinguish false positives from true vulnerabilities and articulate risk-based justifications for deviation requests
  • Proficiency in scripting languages (Python, PowerShell, Bash) for task automation, report generation, and remediation workflows
  • Strong client-facing communication and documentation skills, with ability to present technical findings to federal stakeholders and produce timely compliance reports
  • Ability to work efficiently with cross-functional technical teams to investigate, prioritize, and coordinate vulnerability remediation efforts
  • Bachelor's degree or equivalent work experience.
  • US citizenship (required due to client contractual requirements)

Bonus Points
  • Security-focused cloud certifications for AWS, Azure, or GCP
  • CISSP certification
  • Familiarity with container security scanning tools (Trivy, Anchore, Snyk) and Kubernetes security postures
  • Knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools
  • Familiarity with CI/CD security integration patterns and DevSecOps toolchains

$78,000 - $135,000 a year
The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
Why You'll Want to Join Us
At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively - whether you're at home or an office.
Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at [email protected].
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Apply