As a Senior Security Analyst, Vulnerability Management at Vanta, you will lead the vulnerability management program for Vanta's FedRAMP-authorized systems and environments. Responsibilities include performing analysis, prioritization, and tracking of vulnerabilities from internal tools (e.g. Semgrep, Tenable), external assessments, and our bug bounty program. You will also coordinate remediation timelines with engineering and infrastructure teams in alignment with defined SLAs.
In addition, you will work with the GRC team to develop, manage, and maintain Plans of Action & Milestones (POA&Ms), ensuring completeness, accuracy, and timeliness, and support monthly and quarterly FedRAMP continuous monitoring (ConMon) activities, including monthly authenticated scans, reporting, and stakeholder updates.
You will create and maintain documentation and dashboards for vulnerability status, POA&M metrics, and compliance reporting, and partner with compliance teams to ensure alignment with SSPs, audit readiness, and risk tracking.