Consultant – Vulnerability Assessment | Remote US

About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
Position Summary
Coalfire Vulnerability Assessment is composed of highly specialized security testers and advisors with a passion for enhancing system security postures. Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members have presented at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, about offensive and defensive operations as well as the tools and capabilities we create and share. Come join an amazing technical security team who makes a difference in the information security industry and consistently pushes the limit of offensive and defensive security capabilities.

What You’ll Do

    • Work with some of the leading Cloud Service Providers (CSPs) to validate vulnerability management security posture of their products and services
    • Monitor and maintain enterprise security scanning tools (Nessus, Qualys, Nexpose, Netsparker, Burp, etc.)
    • Provide recommendations on remediating host-based and web application vulnerabilities
    • Conduct manual validation to confirm vulnerability closure
    • Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments
    • Provide recommendations to optimize processes and procedures related to enterprise security scanning tools
    • Serve as subject matter expert for vulnerability management issue resolution
    • Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise – both technical and non-technical resources, all the way up to the CIO
    • Provide periodic reports detailing scan success, remediation efforts, and vulnerability trends

What You’ll Bring

    • 2-5 years of vulnerability management experience
    • 2-5 years of cumulative network, application security, GRC, or cybersecurity consulting
    • Experience scanning for and enumerating vulnerabilities in the environments
    • Demonstrated knowledge in the planning, development, coordination, implementation, and execution of a vulnerability management program
    • In-depth knowledge of policies, procedures, development, and implementation of vulnerability identification, scanning, analysis, remediation tactics, and reporting within an organization
    • In-depth knowledge of risk analysis and vulnerability remediation plan development
    • In depth knowledge and experience of industry best practices for vulnerability management
    • Expert level experience in configuring and executing within multiple vulnerability scanning tools
    • Direct experience working with remediation teams and management on vulnerability remediation and security posture improvement
    • Experience working in ticketing tools for remediation activities
    • Familiarity with configuration baseline standards such as CIS Benchmarks or DISA STIGs
    • Experience creating system inventories, boundary diagrams, and/or plans of actions and milestones (POA&M)

Bonus Points

    • Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, etc.
    • Familiarity with Cloud services such as AWS, Azure
    • Experience supporting vulnerability management across IaaS, PaaS, and/or SaaS
    • Experience recreating web application scanning exploits in support of finding validation
    • Experience reporting to C-suite personnel on security posture
$64,000 – $112,000 a year
The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.

More Information

Apply for this job
Share this job

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X