Lead Vulnerability Management Analyst

Role Summary

The Lead Vulnerability Management Analyst is responsible for overseeing the identification, assessment, prioritization, and remediation coordination of security vulnerabilities across the organization’s technology environment. This role provides technical leadership in vulnerability management operations, partners closely with infrastructure, application, cloud, and security teams, and helps drive continuous improvement of the organization’s security posture.

The ideal candidate combines deep technical knowledge of vulnerability management practices with strong leadership, communication, and risk-based decision-making skills.

Responsibilities

• Lead the enterprise vulnerability management program, including vulnerability scanning, analysis, prioritization, reporting, and remediation tracking.
• Review and validate vulnerability scan results from infrastructure, endpoints, applications, containers, cloud platforms, and other technology assets.
• Analyze vulnerabilities for exploitability, business impact, and remediation urgency using risk-based methodologies.
• Partner with IT, engineering, application development, cloud, and infrastructure teams to coordinate remediation activities and reduce risk.
• Establish and maintain vulnerability management processes, standards, procedures, and service level expectations.
• Provide guidance on remediation strategies, compensating controls, and exception handling where immediate remediation is not feasible.
• Monitor emerging threats, zero-day vulnerabilities, and industry advisories to assess organizational exposure and recommend response actions.
• Lead efforts to improve scanning coverage, asset visibility, reporting accuracy, and remediation effectiveness.
• Develop and present metrics, dashboards, and executive-level reporting on vulnerability trends, remediation performance, and risk posture.
• Support internal and external audits, regulatory requirements, and security assessments related to vulnerability management.
• Collaborate with incident response, threat intelligence, security operations, and governance teams to align vulnerability priorities with active threats and business risk.
• Mentor junior analysts and provide technical leadership across vulnerability assessment and remediation efforts.
• Evaluate and optimize vulnerability management tools, integrations, and automation capabilities.

Qualifications

Required:

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field; or equivalent practical experience.
• 6+ years of experience in cybersecurity, with significant experience in vulnerability management, security operations, or infrastructure/application security.
• Strong understanding of vulnerability assessment tools and platforms such as Tenable, Qualys, Rapid7, or similar solutions.
• Experience analyzing vulnerabilities across operating systems, networks, databases, applications, cloud environments, and containers.
• Knowledge of CVSS, Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and risk-based vulnerability prioritization.
• Familiarity with enterprise operating environments including Windows, Linux, cloud platforms, virtualization, and network technologies.
• Experience working with remediation teams to drive issue resolution in complex enterprise environments.
• Strong written and verbal communication skills, including the ability to explain technical findings to non-technical stakeholders.
• Demonstrated ability to lead initiatives, influence cross-functional teams, and manage competing priorities.

Preferred:

• Relevant certifications such as CISSP, GIAC, Security+, GSEC, GPEN, or similar.
• Experience with cloud security and vulnerability management in AWS, Azure, or Google Cloud environments.
• Familiarity with DevSecOps practices, container security, and CI/CD pipeline scanning.
• Experience with scripting or automation using Python, PowerShell, Bash, or similar languages.
• Knowledge of regulatory and compliance frameworks such as NIST, ISO 27001, CIS Controls, PCI DSS, or SOX.
• Experience with ticketing, workflow, and reporting tools such as ServiceNow, Jira, Power BI, or Tableau.

Key Competencies:

• Technical leadership
• Risk-based decision making
• Analytical problem solving
• Cross-functional collaboration
• Process improvement
• Executive communication
• Attention to detail
• Operational accountability

Success Measures:

• Reduction in critical and high-risk vulnerabilities across the environment
• Improvement in remediation timeliness and SLA performance
• Increased vulnerability scanning coverage and asset visibility
• Quality and clarity of reporting to technical and executive stakeholders
• Strong partnership with infrastructure, engineering, and application teams
• Maturity improvements in the vulnerability management program

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.

Important Note: This role typically operates in a hybrid office and remote environment and may require occasional after-hours support for critical vulnerability response activities.

Base Salary Ranges

Please review the job posting for the location of this specific opportunity.

$122,000.00 - $209,000.00 for the location of: Maryland, Colorado, Washington and remote workers
$135,000.00 - $230,000.00 for the location of: Washington, D.C.
$153,000.00 - $261,000.00 for the location of: New York, California

Placement within the range provided above is based on the individual’s relevant experience and skills for the role.  Base salary is only one component of our total compensation package.  Employees may be eligible for a discretionary bonus, which is determined upon company and individual performance.

Commitment to Diversity, Equity, and Inclusion

At T. Rowe Price, our associates are our greatest asset. We thrive because our company culture is built on inclusion and because we sustain a work environment where associates can bring their best selves to work every day. The backgrounds, talents, and experiences of our global associates allow us to embrace new ideas and perspectives that move our business priorities forward and enable us to deliver strong client outcomes. Here, you can expect equal opportunity and fair and consistent treatment for all. 

Benefits

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.