Vulnerability Management Analyst

Job Responsibilities:

• Support and maintain the University-wide vulnerability management program.
• Develop and manage remediation activities by ensuring departments mitigate vulnerabilities in a
  timely manner based on risk.
• Help define vulnerability analysis, resolution strategy, and provide input to mitigation proposals.
• Initiate scans and other testing mechanisms as needed.
• Analyze root causes and propose feasible technical solutions to manage exposure to
  vulnerabilities.
• Primary responsibility for administering vulnerability management tools.
• Prioritize and design various vulnerability management tool functions and features.
• Develop metrics to measure the effectiveness of the vulnerability management program and
  mitigation strategies.
• Evaluate and implement technical options for enhanced visibility and decision-making by
  stakeholders at multiple levels.
• Interface, influence, and engage the University's IT community to promote vulnerability
  management across various levels of the organization.
• Provide guidance to comply with University policy and other relevant frameworks.
• Document, manage, and perform auditable procedures.
• Maintain strong knowledge of vulnerability management best practices and familiarity with
  relevant frameworks (CVSS, OWASP Top 10).
• Escalate security issues where appropriate.

*The University of Minnesota is committed to fostering local talent through employment opportunities. While this position utilizes a predominantly remote work modality, prospective applicants must be located either in the state of Minnesota or near the Wisconsin border or otherwise open to relocation.

*Please note, this position is not eligible for H-1B or Green Card sponsorship.

At the University of Minnesota, we are dedicated to changing lives through education, research, and outreach. The University Information Security department (UIS) offers an environment of trust, collaboration, and mission-focused work. We seek an individual who will be responsible for providing guidance and support to the broader University IT community in detecting and addressing security vulnerabilities. This position will manage University vulnerability management tools and provide risk-based prioritization and consultative support to IT staff detecting and remediating security vulnerabilities to maintain compliance with information security policy.

We Offer:

• University paid contribution (10% of your salary) to your retirement account - vested immediately.
• 22 paid vacation days per year, in addition to sick leave and 12 paid holidays.
• Reduced tuition opportunities covering 75% - 100% of eligible tuition.
• Excellent and affordable health care benefits (2023 Enrollment Guide).
• Wellbeing program with opportunity to earn lower health care rates.
• Free disability insurance and employer-paid life insurance.
• Public Service Loan Forgiveness (PSLF) opportunity.
• Financial counseling services.
• Employee Assistance Program with eight sessions of counseling at no cost.
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area.
• Annual merit increase program.

*Please document qualifications on resume.

Required Qualifications:

• Bachelor's degree and 2 years of relevant work experience.
• Demonstrated experience in one or more of the following:
  • Vulnerability Management
  • Systems Administration
• Coding/scripting experience (e.g. python, powershell, etc.).
• Experience with deployment, maintenance and use of vulnerability scanning and testing tools (Rapid7, Tenable, Qualys or others).
• Experience collaborating with diverse teams
• Current technical knowledge and understanding of threats, emerging threats, and vulnerabilities.
• Ability to aggregate and analyze data and provide summaries of the data.

Preferred Qualifications:

• Understanding of vulnerability management analytical best practices and familiarity with relevant frameworks (CVSS, OWASP Top 10).
• Experience with vulnerability management governance structures in a large/decentralized organization.
• Knowledge or experience with relevant information security and regulatory frameworks such as CIS, PCI, HIPAA, NIST, CMMC.
• One or more relevant security related certifications (e.g. GSEC, Security+).
• Demonstrated ability to manage projects and/or programs, including prioritization of efforts.
• Demonstrated process improvement and/or process design experience, including supporting technical documentation.
• Excellent communication (oral, written, presentation), interpersonal, and consultative skills.

The Office of Information Technology (OIT) is the University's central IT unit and provides enterprise-level technologies and services that are broadly consumed, core to central administrative business operations, and tend to offer substantial economies of scale. We are part of a larger ecosystem of IT professionals who work in academic and support units systemwide. Local or collegiate IT units often offer discipline-specific, niche, and complementary services to the OIT central services.

Pay Range: $85,000 - $95,000; depending on education/qualifications/experience

Time Appointment: 100% Appointment

Position Type: Faculty and P&A Staff

Please visit the Office of Human Resources website for more information regarding benefit eligibility.

The University offers a comprehensive benefits package that includes:

• Competitive wages, paid holidays, and generous time off
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent care flexible spending accounts
• University HSA contributions
• Disability and employer-paid life insurance
• Employee wellbeing program
• Excellent retirement plans with employer contribution
• Public Service Loan Forgiveness (PSLF) opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area

While our salary ranges provide a framework, it is important to note that most of the
time, the initial pay may not reach the maximum of the range. This approach ensures
that compensation reflects the value and unique contributions of each candidate while
maintaining equity within our organization. As part of our commitment to fair and
equitable compensation, please be aware that the salary offered to incoming candidates
will be based on their individual credentials and experience.

Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume.

Required application materials: resume and cover letter.

Additional documents may be attached after application by accessing your "My Job Applications" page and uploading documents in the "My Cover Letters and Attachments" section.

To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-8647.

The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.

The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu

Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.

The University of Minnesota, Twin Cities (UMTC)

The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.

At the University of Minnesota, we are proud to be recognized by Forbes as a Best Employer for Company Culture (2026), Best Employer for Women (2023), and Best Employer by State (2022-2026). In 2026, we also received Culture Excellence & Industry Awards recognition for employee appreciation and work-life flexibility.