Senior IT Professional – Security​/Vulnerability Management Analyst

Overview

DO NOT APPLY IF YOU ARE NOT A US CITIZEN.

To be considered for this role, you must live in Houston, TX.

Senior IT Professional – Security / Vulnerability Management Analyst

Mercer Role Alignment: ITC.
07.009.P30

The Senior IT Professional – Security / Vulnerability Management Analyst serves as the primary operational authority for vulnerability scanning, risk scoring, and patch lifecycle coordination across law enforcement and municipal technology environments. This role is responsible for overseeing the full vulnerability management lifecycle, ensuring that security risks are identified, prioritized, communicated, and remediated in alignment with organizational risk tolerance and operational priorities.

The position operates with independent professional judgment and provides subject matter expertise in vulnerability risk management, remediation governance, and security reporting.

Vulnerability Scanning and Coverage

• Oversee routine and ad-hoc vulnerability scanning of network infrastructure, endpoints, servers, applications, and cloud environments.
• Ensure scanning coverage aligns with asset inventories and operational priorities.
• Validate scan configurations, credentials, and scope accuracy.

Risk Scoring and Prioritization

• Analyze vulnerability findings using CVSS, EPSS, exploit intelligence, and business context.
• Assign risk scores and remediation priorities based on likelihood and impact.
• Identify systemic risk patterns and recurring exposure trends.

Patch and Remediation Lifecycle Management

• Coordinate remediation activities with infrastructure, application, and operations teams.
• Track remediation progress and validate closure.
• Support patch deployment planning and prioritization.
• Escalate overdue or high-risk remediation items.

Reporting and Metrics

• Produce vulnerability dashboards, trend analysis, and executive summaries.
• Communicate risk posture to technical teams and leadership.
• Maintain vulnerability metrics for governance and audit reporting.

Program Governance and Improvement

• Support vulnerability management policy and procedure development.
• Ensure alignment with NIST and industry standards.
• Identify process improvement opportunities and tool enhancements.
• Provide vulnerability context and mitigation guidance during security incidents.
• Assist with rapid exposure assessment during active events.

Collaboration and Advisory Support

• Serve as a trusted advisor for vulnerability and patch risk decisions.
• Partner with cross-functional teams to reduce organizational risk.

Education

• Associate’s degree in Computer Science, Management and Information Systems (MIS), Business, or a related field.
• System-specific technical certifications may substitute for the Associate degree.
• Experience in IT security, infrastructure, or application support may substitute for education on a year-for-year basis.

Experience

• Minimum of 24 months of technology experience in IT security or supporting security aspects of IT infrastructure or application teams.
• Hands-on experience with vulnerability scanning platforms such as Qualys, Tenable, or Rapid
  7.
• Experience coordinating remediation activities across technical teams.

Certifications

Core Competencies

• Vulnerability management lifecycle
• Security reporting and metrics
• CVSS and exploit risk analysis
• Technical risk communication

Preferred Experience

• Experience in law enforcement or regulated environments
• Familiarity with NIST 800-53 and NIST CSF
• Scripting or automation experience (Python, Power Shell)
• Experience with asset inventory and CMDB integration

This position aligns with Mercer role ITC.
07.009.P30 and represents a professional-level vulnerability management expert role. The Senior IT Professional – Security / Vulnerability Management Analyst operates with independent authority and accountability for vulnerability risk management and remediation coordination across organizational environments.