Vulnerability Assessment Analyst IV

Vulnerability Assessment Analyst IV – Container Security & Exposure Management

Location: Birmingham, AL or Atlanta, GA
Client: Southern Company Services
Contract Duration: 15 Months
Work Schedule: Hybrid – 4 days onsite
Experience: 10+ Years

We are seeking an experienced Vulnerability Assessment Analyst IV to support container security and exposure management within a cybersecurity organization. This role will focus on identifying, validating, and assessing security vulnerabilities across IT/OT systems, cloud-native platforms, Kubernetes, Open Shift, Docker, container images, clusters, pipelines, and supporting infrastructure.

The ideal candidate will have strong hands‑on experience with vulnerability assessment, container security, Dev Sec Ops , exposure management, attack path analysis, scripting, and risk reporting.

• Identify and assess security vulnerabilities across IT and OT systems.
• Perform vulnerability scans and analyze exposures in web applications, networks, systems, embedded devices, firmware, and containerized environments.
• Evaluate container security risks across Kubernetes, Open Shift, Docker, AKS, EKS, GKE, and similar platforms.
• Assess container images, base images, dependencies, Kubernetes manifests, Helm charts, runtimes, RBAC, network policies, secrets handling, and cluster configurations.
• Validate exposure paths and determine real‑world exploit potential.
• Conduct attack path mapping and prioritize high‑risk vulnerabilities.
• Support exposure management operations, including data review, reporting, trend analysis, remediation tracking, and escalation.
• Partner with platform, infrastructure, application, Dev Ops, and security teams to recommend practical mitigation strategies.
• Monitor emerging threats, zero‑days, CVEs, and exploitation methods.
• Translate technical findings into clear business risk summaries for stakeholders and leadership.

• 10+ years of experience in cybersecurity, vulnerability assessment, exposure management, Dev Sec Ops , infrastructure security, or related roles.
• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience.
• Strong experience with Kubernetes, Open Shift, Docker, AKS, EKS, GKE, or similar container platforms.
• Ability to assess vulnerabilities in container images, dependencies, manifests, Helm charts, runtimes, and cluster configurations.
• Knowledge of container security controls such as image scanning, least privilege, non‑root containers, secrets handling, RBAC, pod security standards, network policies, and runtime monitoring.
• Experience with vulnerability management, attack surface management, cloud security posture management, and exposure management.
• Proficiency with scripting languages such as Python, Power Shell, or Bash.
• Familiarity with OWASP methodologies and common application/system vulnerabilities.
• Experience with SIEM platforms for detection validation and log analysis.
• Strong analytical, troubleshooting, communication, and documentation skills.
• Must pass NERC CIP and Insider Threat Protection background checks.

• Experience in Dev Sec Ops , application security, offensive security, penetration testing, adversarial threat simulation, or container platform engineering.
• Certifications such as CKS, CKAD, CKA, OSCP, CEH, GSEC, CISSP, or CISA.
• Experience supporting IT and OT security environments.
• Experience working with cloud‑native enterprise systems and CI/CD pipelines.

Vulnerability Assessment, Container Security, Exposure Management, Kubernetes, Open Shift, Docker, Dev Sec Ops , IT/OT Security, Cloud Security, Attack Path Mapping, Vulnerability Management, SIEM, OWASP, RBAC, Image Scanning, Runtime Monitoring, Python, Power Shell, Bash, CI/CD Security, Risk Reporting.