Lead Vulnerability Management Analyst

Location: Maryland, US

Requisition Number: 81161

Role Summary

The Lead Vulnerability Management Analyst is responsible for overseeing the identification, assessment, prioritization, and remediation coordination of security vulnerabilities across the organization’s technology environment. This role provides technical leadership in vulnerability management operations, partners closely with infrastructure, application, cloud, and security teams, and helps drive continuous improvement of the organization’s security posture.

The ideal candidate combines deep technical knowledge of vulnerability management practices with strong leadership, communication, and risk-based decision-making skills.

Responsibilities

  • Lead the enterprise vulnerability management program, including vulnerability scanning, analysis, prioritization, reporting, and remediation tracking.
  • Review and validate vulnerability scan results from infrastructure, endpoints, applications, containers, cloud platforms, and other technology assets.
  • Analyze vulnerabilities for exploitability, business impact, and remediation urgency using risk-based methodologies.
  • Partner with IT, engineering, application development, cloud, and infrastructure teams to coordinate remediation activities and reduce risk.
  • Establish and maintain vulnerability management processes, standards, procedures, and service level expectations.
  • Provide guidance on remediation strategies, compensating controls, and exception handling where immediate remediation is not feasible.
  • Monitor emerging threats, zero-day vulnerabilities, and industry advisories to assess organizational exposure and recommend response actions.
  • Lead efforts to improve scanning coverage, asset visibility, reporting accuracy, and remediation effectiveness.
  • Develop and present metrics, dashboards, and executive-level reporting on vulnerability trends, remediation performance, and risk posture.
  • Support internal and external audits, regulatory requirements, and security assessments related to vulnerability management.
  • Collaborate with incident response, threat intelligence, security operations, and governance teams to align vulnerability priorities with active threats and business risk.
  • Mentor junior analysts and provide technical leadership across vulnerability assessment and remediation efforts.
  • Evaluate and optimize vulnerability management tools, integrations, and automation capabilities.

Qualifications

Required:

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field; or equivalent practical experience.
  • 6+ years of experience in cybersecurity, with significant experience in vulnerability management, security operations, or infrastructure/application security.
  • Strong understanding of vulnerability assessment tools and platforms such as Tenable, Qualys, Rapid7, or similar solutions.
  • Experience analyzing vulnerabilities across operating systems, networks, databases, applications, cloud environments, and containers.
  • Knowledge of CVSS, Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and risk-based vulnerability prioritization.
  • Familiarity with enterprise operating environments including Windows, Linux, cloud platforms, virtualization, and network technologies.
  • Experience working with remediation teams to drive issue resolution in complex enterprise environments.
  • Strong written and verbal communication skills, including the ability to explain technical findings to non-technical stakeholders.
  • Demonstrated ability to lead initiatives, influence cross-functional teams, and manage competing priorities.

Preferred:

  • Relevant certifications such as CISSP, GIAC, Security+, GSEC, GPEN, or similar.
  • Experience with cloud security and vulnerability management in AWS, Azure, or Google Cloud environments.
  • Familiarity with DevSecOps practices, container security, and CI/CD pipeline scanning.
  • Experience with scripting or automation using Python, PowerShell, Bash, or similar languages.
  • Knowledge of regulatory and compliance frameworks such as NIST, ISO 27001, CIS Controls, PCI DSS, or SOX.
  • Experience with ticketing, workflow, and reporting tools such as ServiceNow, Jira, Power BI, or Tableau.

Key Competencies:

  • Technical leadership
  • Risk-based decision making
  • Analytical problem solving
  • Cross-functional collaboration
  • Process improvement
  • Executive communication
  • Attention to detail
  • Operational accountability

Success Measures:

  • Reduction in critical and high-risk vulnerabilities across the environment
  • Improvement in remediation timeliness and SLA performance
  • Increased vulnerability scanning coverage and asset visibility
  • Quality and clarity of reporting to technical and executive stakeholders
  • Strong partnership with infrastructure, engineering, and application teams
  • Maturity improvements in the vulnerability management program

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to three days per week from home.

Important Note: This role typically operates in a hybrid office and remote environment and may require occasional after-hours support for critical vulnerability response activities.


Commitment to Diversity, Equity, and Inclusion

We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and build allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day.

Benefits

We invest in our people through a wide range of programs and benefits, including:

  • Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions
  • Flexible and remote work opportunities
  • Health care benefits (medical, dental, vision)
  • Tuition assistance
  • Wellness programs (fitness reimbursement, Employee Assistance Program)

Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates’ well-being and addressing the needs of our clients, business, and communities is unwavering.

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.

We’re driven by our purpose: To identify and actively invest in opportunities to help people thrive in an evolving world.


T. ROWE PRICE, INVEST WITH CONFIDENCE, and the Bighorn Sheep design are, collectively and/or apart, trademarks of T. Rowe Price Group, Inc. All rights reserved.

© 2026 T. Rowe Price. All Rights Reserved.