The Vulnerability Analyst is responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across PT Solutions’ technology environment. This role focuses on turning scanner output and vendor advisories into actionable remediation plans, partnering with IT and business teams to reduce risk while minimizing operational impact. The Vulnerability Analyst supports the overall cybersecurity program by providing clear risk-based guidance, metrics, and continuous improvement of vulnerability management processes, and performs other related duties as assigned to support the Information Security and broader IT programs.

Essential Functions

Vulnerability Identification and Analysis

• Operate, tune, and maintain vulnerability management tools (e.g., Tanium, Defender, and related platforms) to ensure accurate asset and vulnerability coverage.
• Perform scheduled and ad hoc scans of servers, endpoints, cloud workloads, and key applications.
• Analyze vulnerability data to validate findings, eliminate false positives, and group issues by risk and business impact.
• Monitor threat intelligence (e.g., KEV, vendor advisories, zero-day disclosures) and align findings to PT Solutions’ environment.

Vulnerability Prioritization and Remediation Coordination

• Develop and maintain risk-based prioritization models using factors such as CVSS, KEV, exploitability, asset criticality, and data sensitivity.
• Translate technical findings into clear remediation tasks for Infrastructure, End-User Computing, Application, and Cloud teams.
• Track remediation progress against defined SLAs and escalate overdue items to leadership as appropriate.
• Validate remediation through follow-up scans, targeted checks, and exception review.

Reporting, Metrics, and Communication

• Produce recurring reports (weekly, monthly, quarterly) on vulnerability posture, trends, and key risk indicators.
• Prepare executive summaries that communicate risk in business terms, including exposure reduction, SLA performance, and emerging issues.
• Present vulnerability findings and progress in cross-functional meetings and governance forums.

Tool and System Management

• Maintain asset inventories and vulnerability tool configurations to ensure consistent and reliable scanning coverage.
• Recommend enhancements to scanning schedules, scope, and configuration to increase coverage and reduce noise.
• Collaborate with IT and Security Engineering to integrate vulnerability data with other security tools and dashboards.

Cybersecurity Program Support and Improvement

• Contribute to the development and maintenance of policies, procedures, standards, and guidelines related to vulnerability management, patching, and configuration baselines.
• Align vulnerability practices with relevant frameworks (e.g., HITRUST, HIPAA, PCI DSS, CIS, SOC) and audit requirements.
• Support evidence collection and documentation for internal and external audits, assessments, and certifications.

Incident and Risk Support

• Provide vulnerability context and impact analysis during security incidents and investigations.
• Assist with root-cause analysis for recurring or high-impact vulnerabilities and recommend control improvements.
• Participate in risk assessments and support the integration of vulnerability data into enterprise risk management.

Vendor and Third-Party Management

• Support the evaluation of third-party products and services from a vulnerability and patching perspective.
• Review vendor advisories, end-of-life notices, and security bulletins to identify required actions for PT Solutions.
• Provide technical input to security questionnaires, risk assessments, and remediation plans for key vendors and partners.

Required Skills & Abilities

• Proficiency in Microsoft Word, Excel, and Windows-based applications.
• Strong written and verbal communication skills with the ability to explain technical issues to non-technical stakeholders.
• Demonstrated ability to prioritize workload, manage multiple concurrent tasks, and meet deadlines in a fast-paced environment.
• Solid understanding of vulnerability management concepts, including CVEs, CVSS, KEV, and patch management.
• Experience with vulnerability management tools and platforms (e.g., Tanium, Defender, Nessus, Qualys, or similar).
• Understanding of operating systems (Windows server/desktop; Linux preferred), networks, and common enterprise applications.
• Familiarity with security frameworks and regulatory requirements such as HITRUST, HIPAA, PCI DSS, CIS Controls, and NIST.
• Strong analytical and problem-solving skills, with the ability to interpret complex data and recommend practical solutions.
• Ability to work collaboratively with IT, security, compliance, and business stakeholders to drive remediation.

Required Credentials

• Bachelor’s degree in computer science, Information Systems, Cybersecurity, or related field; OR 1–3 years of experience in vulnerability management, security operations, IT or a similar role.
• At least one relevant certification is preferred, such as:
  • CompTIA Security+
  • CompTIA CySA+
  • ISC2 Certified in Cybersecurity
  • GSEC, GFACT, or GISF
  • Cisco Certified CyberOps Associate
  • Other equivalent security certification

Expanding Access to Quality Care

At PT Solutions, we’re more than colleagues; we’re a tight-knit community united in our mission to expand access to quality care. Our commitment to you is evident in our industry-leading professional development opportunities. From ongoing evidence-based clinical education to dedicated mentorship opportunities and an APTA-accredited Orthopaedic Residency Program, we propel our clinicians toward excellence in physical therapy, occupational therapy, speech-language pathology, and athletic training.

As we aim to be the go-to rehabilitation provider, we seek committed professionals eager to join us in that mission. A career with PT Solutions is an opportunity to shape the industry and make a lasting impact. 

Let’s go further together and transform care. Join the #PTSLife today! 

To see what #PTSLife is like, visit Instagram, Facebook, and LinkedIn.