VMCA Analyst

VMCA Analyst

Location: Boston, MA

Onsite Flexibility: Hybrid

Contract Details

• Position Type: Contract
• Contract Duration: 8 months
• Start: ASAP
• Pay Rate: $64.28 / Hour (USD)
• Work Authorization: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Job Summary

The Vulnerability Management and Configuration Assurance (VMCA) Analyst plays a critical role in identifying, assessing, and reducing cyber risk across the enterprise by delivering effective vulnerability management and configuration assurance capabilities. This role is responsible for driving visibility into vulnerabilities and misconfigurations, ensuring alignment with secure baseline standards, and enabling risk-informed remediation across on-premises, cloud, and hybrid environments.

The analyst leverages enterprise security tools and data analytics to assess vulnerabilities, monitor configuration compliance, and provide actionable insights that strengthen the organization's overall security posture. This includes analyzing scan results, prioritizing remediation efforts based on risk and exploitability, and implementing compensating controls where necessary.

Working closely with cross-functional teams including Infrastructure, Cloud, Engineering, and Business Information Security Officers (BISOs), the VMCA Analyst ensures that vulnerabilities are effectively remediated and configuration standards are consistently applied. The role also supports governance, audit readiness, and executive reporting by delivering clear, accurate, and actionable risk metrics and insights.

Required Skills

• Vulnerability Management Tools: Hands-on experience with enterprise scanning platforms (e.g., Qualys, Wiz, Tenable, Rapid7) to identify, assess, and track vulnerabilities across endpoints, servers, and cloud services.
• Risk-Based Vulnerability Analysis: Strong understanding of CVSS scoring, exploitability, and threat context (e.g., MITRE ATT&CK) to prioritize vulnerabilities based on risk and business impact.
• Configuration Assurance & Compliance: Experience assessing and validating secure configurations using automated compliance tools and aligning controls to frameworks such as CIS, NIST, ISO, and PCI-DSS.
• Data Analytics & Visualization: Ability to analyze large datasets to identify trends, anomalies, and risk concentrations, and to develop dashboards and reporting (e.g., Tableau) for technical and executive audiences.
• Cloud & Platform Security: Knowledge of cloud platforms (AWS, Azure, GCP), container environments, and hybrid infrastructure, including associated vulnerability and configuration risks.
• Security Tool Integration: Experience integrating vulnerability and configuration data into enterprise platforms such as SIEM, GRC, and ticketing systems to support governance and operational workflows.
• Risk-Based Decision Making: Ability to evaluate vulnerabilities and misconfigurations based on risk, exploitability, and business impact, enabling effective prioritization and remediation strategies.
• Analytical Thinking & Problem Solving: Strong capability to analyze complex security data, identify trends and root causes, and translate findings into actionable insights.
• Attention to Detail & Audit Readiness: High level of accuracy in validating vulnerability data, configuration compliance, and exception handling, ensuring outputs are audit-ready and defensible.
• Communication & Executive Reporting: Ability to clearly articulate technical risks and remediation status to both technical teams and senior leadership, supporting informed decision-making.
• Collaboration & Influence: Proven ability to work across cross-functional teams to drive remediation, enforce security standards, and improve overall security posture.
• Operational Ownership & Continuous Improvement: Proactive mindset focused on enhancing vulnerability management processes, reducing risk exposure, and improving control effectiveness across the enterprise.

Benefits

• Medical, Vision, and Dental Insurance Plans
• 401k Retirement Fund

About the Company

Leading financial services company offering life insurance, disability income insurance, long-term care insurance, retirement planning, and annuities. Committed to corporate responsibility and creating an inclusive work environment.

About GTT

GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. We highly value diverse and inclusive workplaces and support Fortune 500 organizations across banking, financial services, technology, life sciences, biotech, utilities, and retail sectors throughout the U.S. and Canada.

Job Number: 26-06660

#LI-GTT #LI-Hybrid