Senior Security Analyst, Vulnerability Management

Vanta

IT
United States · Remote
USD 139k-164k / year + Equity
Posted on Nov 4, 2025

Location

Remote U.S.

Employment Type

Full time

Location Type

Remote

Department

ESP

Compensation

  • Cash Range $139K – $164K

  • Offers Equity

  • This role is also eligible for medical benefits, 401(k) plan, and other company perk programs.

At Vanta, our mission is to help businesses earn and prove trust. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and while some have prior security experience, many have been successful at Vanta without it.

As a Senior Security Analyst, Vulnerability Management at Vanta, you will take ownership of identifying, triaging, and tracking vulnerabilities across our systems, with a focus on maintaining compliance with FedRAMP’s strict continuous monitoring (ConMon) and POA&M reporting requirements. You'll partner closely with engineering, compliance, and cloud infrastructure teams to ensure we manage vulnerabilities efficiently and transparently.

If you have experience working in regulated cloud environments, enjoy driving cross-functional security initiatives, and want to help shape the security operations of a fast-growing company—this role is for you.

What you’ll do as a Senior Security Analyst, Vulnerability Management at Vanta:

  • Lead the vulnerability management program for Vanta’s FedRAMP-authorized systems and environments

  • Perform analysis, prioritization, and tracking of vulnerabilities from internal tools, external assessments, and our bug bounty program (e.g. Semgrep, Tenable, etc.)

  • Coordinate remediation timelines with engineering and infrastructure teams in alignment with defined SLAs

  • Work with the GRC team to develop, manage, and maintain Plan of Actions & Milestones (POA&Ms), ensuring completeness, accuracy, and timeliness

  • Support monthly and quarterly FedRAMP continuous monitoring (ConMon) activities, including monthly authenticated scans, reporting, and stakeholder updates

  • Create and maintain documentation and dashboards for vulnerability status, POA&M metrics, and compliance reporting

  • Partner with compliance teams to ensure alignment with SSPs, audit readiness, and risk tracking

  • Assist with incident response and root cause analysis if a vulnerability leads to an exposure

  • Assist with investigating discovered vulnerabilities to determine whether they have been exploited

  • Recommend improvements in scanning processes, tooling, and communication workflows

How to be successful in this role:

  • 4+ years of experience in information security or vulnerability management roles, with 2+ years in a FedRAMP environment

  • Deep understanding of FedRAMP controls and ConMon/POA&M reporting processes

  • Strong experience with vulnerability management tools (e.g., Tenable/Nessus, AWS-native tools, SAST, DAST, and related tools)

  • Familiarity with cloud-native environments (especially AWS) and CI/CD pipelines

  • Proven ability to triage vulnerabilities based on severity, risk, and context, and align with remediation timelines

  • Clear, concise communicator—able to collaborate with both technical and non-technical teams and provide context to compliance stakeholders

  • Highly organized with excellent documentation skills

  • Experience with Jira and GRC platforms a plus

What you can expect as a Vanta’n:

  • Industry-competitive compensation

  • 100% covered medical, dental, and vision benefits with dependents coverage

  • 16 weeks fully-paid parental leave for all new parents

  • Health & Wellness Stipend

  • Remote Workspace Stipend

  • 401(k) Matching Plan

  • Flexible work hours and location

  • Open & Encouraged PTO Policy

  • 9 Company Paid Holidays

  • Offices in SF, NYC, London, Dublin, and Sydney

To provide greater transparency to candidates, we share base pay ranges for all US-based job postings regardless of state. We set standard base pay ranges for all roles based on function, level, and country location, benchmarked against similar-stage growth companies. Final offer amounts are determined by multiple factors and may vary based on candidate location, skills, depth of work experience, and relevant licenses/credentials.

At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta

We started in 2018, in the wake of several high-profile data breaches. Online security was only becoming more important, but we knew firsthand how hard it could be for fast-growing companies to invest the time and manpower it takes to build a solid security foundation. Vanta was inspired by a vision to restore trust in internet businesses by enabling companies to improve and prove their security. From our early days automating security monitoring for compliance standards like SOC 2, HIPAA and ISO 27001 to creating the world's leading Trust Management Platform, our vision remains unchanged.

Now more than ever, making security continuous—not just a point-in-time check—is essential. Thousands of companies rely on Vanta to build, maintain and demonstrate their trust—all in a way that's real-time and transparent.

Compensation Range: $139K - $164K