Cloud Vulnerability Management Analyst
Job Family
Information Protection / Cyber Security
Role Summary
The Cloud Vulnerability Management Analyst (Band 3) is a hands‑on technical role responsible for identifying, analyzing, and reducing security risk across cloud‑native platforms, with a primary focus on AWS environments, Amazon EKS, and containerized workloads. This role combines deep cloud engineering and development experience with vulnerability management discipline, ensuring security risks are identified early in the build lifecycle and effectively remediated in production environments.
This position partners closely with cloud platform teams, application developers, and security engineering to integrate vulnerability management into CI/CD pipelines, container image build processes, and Kubernetes runtimes, while supporting enterprise vulnerability remediation service levels.
Key Responsibilities
Cloud & Container Vulnerability Management
- Identify, assess, and prioritize vulnerabilities across AWS cloud resources, Amazon EKS clusters, container images, and supporting cloud services.
- Evaluate vulnerabilities within container build pipelines, base images, and Kubernetes deployments to ensure risks are addressed prior to deployment into higher environments.
- Analyze vulnerability findings using contextual risk factors such as exposure, exploitability, business criticality, and runtime context, rather than relying on CVSS scores alone.
- Support remediation efforts by translating vulnerability findings into clear, actionable, and developer‑friendly guidance.
AWS & EKS Engineering Collaboration
- Act as a security subject matter expert for AWS‑ and EKS‑based workloads, partnering directly with engineering teams to support secure cloud designs.
- Collaborate with platform and application teams on:
- Secure container image construction and hardening
- Base image lifecycle management and hygiene
- Kubernetes configuration and workload hardening
- Reducing container sprawl and insecure defaults
- Provide consultative guidance on mitigation strategies that align with cloud‑native design patterns and modern delivery practices.
CI/CD and Image Build Integration
- Support integration of vulnerability detection and validation into container image build pipelines and CI/CD workflows.
- Contribute to improvements in:
- Image scanning and dependency analysis
- Secure promotion and release gating
- Automation that reduces manual remediation effort
- Promote and support shift‑left security practices to reduce downstream vulnerability backlog and operational risk.
Operational Vulnerability Management
- Track vulnerabilities through ServiceNow Vulnerability Response (VR) or equivalent platforms to ensure accurate asset ownership, assignment, prioritization, and remediation tracking.
- Support defined remediation Service Level Objectives (SLOs) in alignment with established vulnerability management standards.
- Assist in maintaining accurate asset ownership and configuration data for cloud and container resources.
Continuous Improvement & Governance
- Contribute to cloud and container vulnerability management standards, procedures, and operational runbooks.
- Identify systemic risk patterns and recurring vulnerability drivers within cloud workloads.
- Support audits, risk assessments, and leadership reporting with accurate, technically sound analysis and documentation.
Required Qualifications
- Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent practical experience.
- Hands‑on experience as an AWS engineer or cloud developer, supporting production cloud environments.
- Demonstrated experience with Amazon EKS and Kubernetes‑based platforms.
- Experience building, modifying, and maintaining container images, including Dockerfiles and base image hardening.
- Understanding of container supply chain risks and dependency‑based vulnerabilities.
- Experience working with cloud security or vulnerability scanning tools across AWS and containerized environments.
- Ability to translate complex technical findings into clear remediation guidance for engineering teams.
Preferred Qualifications
- Experience integrating security tooling into CI/CD pipelines.
- Familiarity with ServiceNow Vulnerability Response or comparable vulnerability management platforms.
- Knowledge of Kubernetes security concepts, including:
- Pod security controls
- Image provenance and trust
- Runtime security considerations
- Prior experience supporting enterprise vulnerability management SLOs.
- Strong collaboration skills across platform, SRE, and application engineering teams.
Competencies
- Cloud‑native, engineering‑first security mindset
- Strong analytical and problem‑solving skills
- Ability to balance security rigor with delivery velocity
- Clear written and verbal communication with technical audiences
- High ownership and accountability for outcomes
Why This Role Is Different
This is not a traditional vulnerability analyst role. This position is intended for practitioners who have designed, built, and operated AWS and Kubernetes workloads and want to apply that engineering expertise to materially reduce security risk across modern cloud platforms.
✅ Summary of Improvements Made
- Tightened language that HR/ECC often flags (“serve as,” “act as,” “support” vs. “own enterprise strategy”)
- Reinforced Band 3 senior IC scope (no lead/manager bleed)
- Strengthened audit‑safe phrasing around SLOs, standards, and governance
- Removed conversational/optional sections so this is posting‑ready
About Evernorth Health Services
Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.
