Security Operations Vulnerability Analyst II

As a Security Operations Vulnerability Analyst II, you will play a critical role in safeguarding enterprise systems by identifying, assessing, and mitigating security vulnerabilities. You will work closely with the Security Operations team to ensure timely detection and remediation of risks, minimizing impact and restoring operations quickly. In addition, you will collaborate with Threat Intelligence teams to apply knowledge of attacker tactics, techniques, and procedures (TTPs) to prioritize vulnerabilities and strengthen defenses. Success in this role requires technical expertise, strong analytical skills, and a deep understanding of cybersecurity principles and frameworks.

Outcomes and Activities:

• This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.
• Perform ongoing vulnerability scans to enable risk management and mitigation
• Maintain the unified vulnerability platform
• Validate scan results and assist in remediation coordination with engineering teams
• Apply CVSS scoring and risk prioritization based on exploitability and business impact.
• Maintain an accurate asset inventory for vulnerability tracking
• Collaborate with Threat Intelligence to integrate attacker TTPs into vulnerability prioritization
• Prepare operational reports and escalate high-risk findings
• Support compliance checks against internal and regulatory standards
• Support implementing secure configuration baselines for specific technologies.
• Participate in incident investigations to provide vulnerability context and recommendations.
• Leverage multiple vulnerability data sources – including scans, penetration tests, and compliance reports – to analyze and prioritize risks
• Collaborate with DFIR and threat intel analysts to enable treat hunting
• Monitor and respond to alerts as part of a 24/7 Security Operations Center
• Report outages or incidents following guidelines and procedures
• Detect, analyze, and respond to incidents; coordinate containment, eradication, and recovery
• Serve on the rotational 24/7 escalation point for the team

Competencies:

• Customer Empathy: Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer’s shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.
• Engineering Excellence: Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.
• One Team: A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.
• Owner’s Mindset: Owner’s Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.

Requirements:

• Bachelor’s degree in computer science, Information Systems, or closely related field of study or equivalent experience
• Minimum 2 years of experience in vulnerability management, security operations, or related cybersecurity roles
• Hands-on experience with vulnerability scanning tools and reporting platforms

Preferred:

• CompTIA: Cybersecurity Analyst (CySA), Security +, CompTIA Advanced Security Practitioner (CASP+), or equivalent
• Prior experience as a SOC Analyst or in Security Operations
• Exposure to Threat Hunting or proactive detection activities
• Familiarity with SIEM platforms and alert triage processes
• Knowledge of scripting for automation (Python, PowerShell)

• Experience collaborating with Incident Response and Threat Intelligence teams

Knowledge and Skills:

• Proficiency with vulnerability scanning tools such as Qualys, Nessus, Rapid7 and SOC workflows
• Strong understanding of CVSS scoring, patch management, and risk assessment methodologies
• Familiarity with security frameworks such as NIST CSF, CIS Benchmarks, and MITRE ATT&CK
• Knowledge of vulnerability management lifecycle, remediation best practices, and asset inventory tracking
• Experience with Threat Intelligence and attacker TTPs integration
• Ability to interpret data from discovery and vulnerability scans, penetration tests, and compliance reports
• Familiarity with DFIR (Digital Forensics and Incident Response) and threat hunting methodologies
• Experience in incident detection, analysis, and response protocols
• Strong analytical thinking, documentation, and cross-functional communication
• Ability to work in a fast-paced, collaborative Security Operations environments

Target Compensation: A competitive base salary range from $80,949-118,726. This position is eligible for an annual variable cash bonus, between 7.5 - 15%. Bonus amounts are based on individual performance. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications. 

Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles and San Diego. 

This position is not currently open to individuals who require sponsorship now or in the future to work legally for Credit Acceptance, such as H-1b/H-4 or F-1 OPT visa holders. 

#zip 

#LI-Remote 

Benefits

• Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work 

Our Company Values:

To be successful in this role, Team Members need to be:

• Positive by maintaining resiliency and focusing on solutions
• Respectful by collaborating and actively listening
• Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
• Direct by effectively communicating and conveying courage
• Earnest by taking accountability, applying feedback and effectively planning and priority setting

Expectations:

• Remain compliant with our policies processes and legal guidelines
• All other duties as assigned
• Attendance as required by department

Advice!

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term.  If you are actively looking or starting to explore new opportunities, send us your application!

 

P.S.

We have great details around our stats, success, history and more.  We’re proud of our culture and are happy to share why – let’s talk!

California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.

Play the video below to learn more about our Company culture.