Employment in this role is conditional upon successful execution of the contract by the client.

The Work

The Vulnerability Remediation Analyst serves as the primary Vulnerability Remediation focal point for our client’s Server Team. This position enables the organization to remediate a greater volume of vulnerabilities and maintain a continuous state of readiness with respect to vulnerability management and compliance.

The analyst is responsible for coordinating, tracking, and facilitating the remediation of server vulnerabilities that fall outside of normal patching schedules. This role functions as the key interface between Cyber Security, Server Operations, and Change Management to ensure that high-risk and exception-based vulnerabilities are remediated in a timely, auditable, and compliant manner.

The position leverages ServiceNow (including the IT Remediation Workspace) to manage end-to-end vulnerability remediation activities and to develop, submit, and present remediation-related changes to the Change Advisory Board (CAB). The role supports enterprise server platforms including Windows, Linux (RHEL), and Citrix and emphasizes strong organizational, communication, and change management skills rather than hands-on patch execution.

This position aligns with Cayuse’s core values of Innovation, Excellence, Collaboration, Adaptability, and Integrity by fostering technical solutions that meet customer needs, promoting teamwork, and prioritizing quality in deliverables.

1. Vulnerability Remediation Coordination

• Review, triage, and manage vulnerability remediation assignments within the ServiceNow IT Remediation Workspace.
• Coordinate remediation efforts for vulnerabilities that cannot be addressed through normal patch cycles (e.g., emergency vulnerabilities, high-risk CVEs, exception-based items, and special remediation scenarios).
• Serve as the central point of coordination between Server Operations, Cyber Security Operations Center (CSOC), and other impacted teams throughout the vulnerability remediation lifecycle.
• Track remediation status, dependencies, risks, and outstanding actions to ensure vulnerabilities progress to timely closure in accordance with policy, Service Level Agreements (SLAs), and risk priorities.
• Ensure all remediation activities align with the established Vulnerability Remediation Process and associated work instructions and standards.

2. ServiceNow & IT Remediation Workspace Management

• Create, manage, and update the following records in ServiceNow:
  • Vulnerability Remediation Tasks (VUL)
  • Associated Change Requests (CRQs)
  • Related Configuration Items (CIs) and relationships
• Document remediation plans, implementation steps, test and validation outcomes, and rollback plans accurately and completely within ServiceNow.
• Validate that vulnerability remediation tasks and associated change records meet ServiceNow process requirements and audit expectations prior to change submission and CAB review.
• Coordinate remediation sequencing and scheduling across multiple server platforms and support groups using ServiceNow workflows, assignment rules, and notifications.

3. Change Management & CAB Support

• Prepare and submit Normal and Standard Change Requests for vulnerability remediation activities in accordance with established Change Management policies and procedures.
• Present vulnerability remediation changes to the Change Advisory Board (CAB), clearly articulating:
  • Security risk, business impact, and urgency
  • Scope, affected services, and impacted systems
  • Remediation approach and implementation plan
  • Testing and validation strategy
  • Rollback and risk mitigation measures
• Address CAB questions, capture feedback, and coordinate follow-up actions needed to obtain approvals.
• Ensure approved changes are scheduled, communicated, and implemented in alignment with standard change windows, maintenance periods, and operational constraints.

4. Cross-Platform Server Support

• Coordinate vulnerability remediation activities across:
  • Windows Server environments
  • Linux Server environments (RHEL)
  • Citrix server platforms
• Collaborate with platform Subject Matter Experts (SMEs) to understand remediation requirements, technical constraints, and potential impacts without directly executing patching or configuration changes.
• Ensure consistent tracking, documentation, and reporting of remediation activities across heterogeneous server platforms and environments (e.g., on-premises, virtualized, and/or cloud-hosted).

5. Organization, Tracking, and Reporting

• Maintain detailed, current tracking of:
  • Outstanding vulnerabilities and remediation tasks
  • Change submissions and approvals
  • Implementation status and exceptions
  • Validation artifacts and closure evidence
• Support internal and external audit requests, compliance assessments, and leadership reporting by providing accurate remediation metrics, timelines, and status summaries.
• Identify process gaps, bottlenecks, recurring issues, or systemic challenges in the vulnerability remediation and change workflows and recommend improvements to increase efficiency, consistency, and risk reduction.

• Other duties as assigned.

Here’s What You Need

The qualifications and skills listed below are intended to provide a general overview of the requirements for this position. However, due to the anticipated nature of the contract and the absence of a finalized task order from the client, this list should not be considered all-encompassing. Additional qualifications, certifications, skills, or experience specific to the client’s requirements may be identified and requested upon award of the task order. Candidates should demonstrate flexibility and a willingness to adapt to evolving responsibilities as outlined by the client.

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related field. Equivalent work experience may be substituted on a year-for-year basis.
• 1–2 years of experience in IT operations, systems administration, cybersecurity, IT service management, or a related technical/analytical role.
• Experience working with IT service management (ITSM) tools; ServiceNow experience strongly preferred.
• Basic understanding of:
  • Server operating systems (Windows Server, Linux [RHEL])
  • Concepts of vulnerabilities, CVEs, patching, and configuration management
  • Change management processes within an ITIL or similar framework.
• 3 years of experience in:
  • Proven experience coordinating server vulnerability remediation in an enterprise environment.
  • Strong hands-on experience with ServiceNow, including Change Management and IT Remediation Workspace.
  • Solid understanding of change management processes and experience presenting changes to a CAB.
  • Practical knowledge of server platforms, including Windows Server, Linux Server, and Citrix infrastructure (ability to coordinate work with SMEs rather than perform direct administration).
  • Exceptional organizational skills with the ability to manage multiple, parallel remediation efforts with varying priorities and timelines.
  • Strong written and verbal communication skills, particularly for CAB presentations and cross-team coordination with Cyber Security, Infrastructure, and Application teams.

• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.

Minimum Skills Required:

• Must possess problem-solving skills.
• Exceptional communication skills, both oral and written
• Ability to respond effectively to customers with a sense of urgency.
• Proficient in Microsoft and Adobe toolsets, including Excel, Word, PowerPoint, Acrobat, etc.
• Highly motivated with the ability to handle and manage multiple tasks at any one time.
• Ability to forge new relationships, individual and teaming in nature.
• Must be a Self-starter, that can work independently and as part of a team.

Desired Qualifications:

• 1 year of experience with:

• Experience supporting vulnerability remediation in a government, regulated, or large enterprise environment.
• Familiarity with vulnerability management workflows that involve CSOC, Infrastructure, and Application teams, including exception handling and escalations.
• Experience coordinating remediation activities outside of standard patching schedules (e.g., emergency or out-of-band remediation efforts).
• Prior exposure to audit, compliance, or security evidence collection related to vulnerability remediation activities.

Our Commitment to you / overview of benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

Reports to: Program Manager

Working Conditions

• Professional hybrid office environment.
• Must be physically and mentally able to perform duties extended periods of time.
• Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Must be able to establish a productive and professional workspace.
• Must be able to sit for long periods of time looking at computer screen.

• May be asked to work a flexible schedule which may include holidays.
• May be asked to travel for business or professional development purposes.
• May be asked to work hours outside of normal business hours.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.