VMCA Analyst

JOB TITLE:

VMCA Analyst

JOB LOCATION:

Hybrid Springfield, Boston MA or NY NY WAGE RANGE*: 58 - 62/ hour must be w2 JOB NUMBER: MA

JOB DESCRIPTION:

The Vulnerability Management and Configuration Assurance (VMCA) Analyst plays a critical role in identifying, assessing, and reducing cyber risk across the enterprise by delivering effective vulnerability management and configuration assurance capabilities. This role is responsible for driving visibility into vulnerabilities and misconfigurations, ensuring alignment with secure baseline standards, and enabling risk-informed remediation across on-premises, cloud, and hybrid environments. The analyst leverages enterprise security tools and data analytics to assess vulnerabilities, monitor configuration compliance, and provide actionable insights that strengthen the organization's overall security posture.

This includes analyzing scan results, prioritizing remediation efforts based on risk and exploitability, and implementing compensating controls where necessary. Working closely with cross-functional teams—including Infrastructure, Cloud, Engineering, and Business Information Security Officers (BISOs)—the VMCA Analyst ensures that vulnerabilities are effectively remediated and configuration standards are consistently applied. The role also supports governance, audit readiness, and executive reporting by delivering clear, accurate, and actionable risk metrics and insights.

Risk-Based Vulnerability Analysis:
Strong understanding of CVSS scoring, exploitability, and threat context (e.g., MITRE Telecommunication) to prioritize vulnerabilities based on risk and business impact. Configuration Assurance & Compliance:
Experience assessing and validating secure configurations using automated compliance tools and aligning controls to frameworks such as CIS, NIST, ISO, and PCI-DSS. Data Analytics & Visualization:
Ability to analyze large datasets to identify trends, anomalies, and risk concentrations, and to develop dashboards and reporting (e.g., Tableau) for technical and executive audiences. Cloud & Platform Security:
Knowledge of cloud platforms (AWS, Azure, GCP), container environments, and hybrid infrastructure, including associated vulnerability and configuration risks. Security Tool Integration:
Experience integrating vulnerability and configuration data into enterprise platforms such as SIEM, GRC, and ticketing systems to support governance and operational workflows. Core Strengths Risk-Based Decision Making:
Ability to evaluate vulnerabilities and misconfigurations based on risk, exploitability, and business impact, enabling effective prioritization and remediation strategies. Analytical Thinking & Problem Solving:
Strong capability to analyze complex security data, identify trends and root causes, and translate findings into actionable insights. Attention to Detail & Audit Readiness:
High level of accuracy in validating vulnerability data, configuration compliance, and exception handling, ensuring outputs are audit-ready and defensible. Communication & Executive Reporting:
Ability to clearly articulate technical risks and remediation status to both technical teams and senior leadership, supporting informed decision-making. Collaboration & Influence:
Proven ability to work across cross-functional teams to drive remediation, enforce security standards, and improve overall security posture. Operational Ownership & Continuous Improvement:
Proactive mindset focused on enhancing vulnerability management processes, reducing risk exposure, and improving control effectiveness across the enterprise. Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits;

dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.