Sr. Cybersecurity Analyst – Vulnerability Management

JOB TITLE: Sr. Cybersecurity Analyst – Vulnerability Management
Location: Santiago

Working Model: Remote

GENERAL DESCRIPTION OR PURPOSE OF JOB:
The Senior Cybersecurity Analyst – Vulnerability Management is responsible for leading Jostens' enterprise vulnerability management program, ensuring that vulnerabilities across servers, endpoints, network devices, cloud services, and applications are identified, validated, prioritized, and remediated within defined SLAs.

This position is a
hands-on, technical role
that requires strong analytical ability, expertise in vulnerability scanning tools, and the ability to clearly communicate remediation guidance and business risk to technical and non-technical stakeholders.

The analyst collaborates closely with Infrastructure, Application, Cloud, and Security teams to maintain an accurate vulnerability picture, integrate threat intelligence into prioritization decisions, support patch management cycles, and continuously improve Jostens' security posture.

Item
Description
% Time
1
Vulnerability Scanning, Detection, Analysis and Prioritization

• Lead enterprise vulnerability scanning across servers, endpoints, cloud assets, OT/IoT systems, network devices, and applications.
• Manage scanner configuration, schedules, discovery scans, and credentialed scanning settings.
• Validate scan coverage, accuracy, and asset onboarding completeness.
• Maintain scanning tool health, troubleshoot authentication issues, and support upgrades and tuning.
• Analyze scan data to identify true positives, eliminate false positives, and assess exploitability.
• Correlate vulnerabilities with threat intelligence (CISA KEV, vendor advisories, exploit trends).
• Prioritize vulnerabilities using risk-based scoring, business context, and exposure levels.
• Provide clear remediation guidance and summarized risk statements to system and application owners..

30%

2
Remediation Coordination & Patch Management Support

• Partner with infrastructure, cloud, network, and application teams to track and drive remediation.
• Validate patches and configuration changes through follow-up scans.
• Escalate overdue critical vulnerabilities in alignment with established policy and SLAs.
• Provide prioritized patch lists and technical guidance to support monthly and quarterly patch cycles.
• Ensure updates and fixes align to secure configuration baselines and hardening standards.

30%

3
Documentation, Metrics and Reporting

• Produce weekly, monthly, and quarterly vulnerability management reports and dashboards.
• Track SLA compliance, remediation aging, high-risk exposure, and asset coverage.
• Provide audit-ready artifacts, screenshots, narratives, and evidence for PCI, SOX, SOC 2, and external assessments.
• Support trend analysis, security KPI reporting, and continuous improvement reviews.
• Maintain vulnerability management playbooks, SOPs, and process documentation.

25%

4
Threat Intelligence Integration & Continuous Improvement

• Monitor active exploits, zero-days, CISA KEV updates, and vendor advisories.
• Recommend proactive mitigations before patches are available.
• Identify automation and workflow improvement opportunities for scanning, reporting, and alerting.
• Assist in evaluating new tools and capabilities that enhance the vulnerability management lifecycle.

10%

5
Other

• Provide evidence and support for compliance activities (PCI, SOX, Data Privacy, external assessments).
• Help mature SOC processes, runbooks, and playbooks.
• Participate in security initiatives, cross-functional working groups, and tabletop exercises.
• Provide subject-matter expertise and guidance on vulnerability and configuration risks.
• Collaborate with Security Operations and IT to improve monitoring and preventive controls.
• Recommend strategic improvements that enhance Jostens' cyber maturity.

5%

JOB REQUIREMENTS/SPECIFICATIONS:
Note that (i) computer literacy and working-level skill with the basic MS Office suite (Word, Excel, Outlook, Explorer), (ii) good verbal and written communication skills, (iii) good interpersonal skills, and (iv) the ability to work well both individually and in a team environment are default requirements for all Jostens exempt and salaried nonexempt employees.

Required:

• Minimum of 5 years of experience in Information Security, Incident Response, Vulnerability Management, or relevant IT roles.
• Bachelor's degree in Information Security, Computer Science, Information Systems, or equivalent experience.
• Hands-on experience with vulnerability scanning tools, credentialed scanning, and risk analysis.
• Strong understanding of application and infrastructure architectures, operating systems, and common security weaknesses.
• Ability to interpret technical vulnerabilities and communicate remediation steps in clear business terms.
• Experience troubleshooting vulnerabilities, patching gaps, configuration issues, and scanning challenges.
• Experience monitoring emerging threats, zero-days, and active exploit activity.
• Strong written and verbal communication skills, with the ability to work across diverse technical teams.

Preferred:

• Security certifications such as Security+, CySA+, GSEC, CEH, GCDA, GPEN, or similar.
• Experience with API-based enrichment or automation for vulnerability data.
• Familiarity with cloud environments (AWS, Azure, O365) and cloud-native scanning approaches.
• Experience working in hybrid environments (on-prem, cloud, OT/IoT, manufacturing).
• Experience with governance platforms such as ZenGRC and ticketing tools such as Jira.
• Security certifications such as CISSP, CompTIA Security+, CySA+, GIAC GCDA, GSEC, CEH, GPEN, or similar.

Other Benefits:

• Weekly Payment
• Law Benefits
• Complementary Medical Insurance
• Pharmacy and Optic Center benefits
• Internal Cooperative
• Bonuses Facilities
• Referral Program
• Paid Vacations period
• Growth Opportunities

About Jostens:
Celebrating 125 years of business, Jostens has been a part of local communities, working with K-12 schools, colleges and universities, teams, and affiliation groups. Representatives from Jostens touch thousands of schools and groups every day, working to make a difference with products and services that recognize accomplishments and help people tell their stories. These products, along with resources for educators, yearbook curriculum and services to help motivate and inspire like Jostens Renaissance and Commitment to Graduate (C2G) are all designed to contribute to a positive and rewarding school experience. As a household name and leading brand in our market, we are passionate about being the most trusted partner in celebrating moments that matter. We are a mid-size company with a small company feel, allowing us to move fast and explore innovative ideas.

Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.