Vulnerability Management and Configuration Assurance Analyst
Company: MassMutual
Location: Boston
Posted on: February 17, 2026
Job Description:
The Opportunity

We are seeking an experienced Vulnerability Management and Configuration Assurance Engineer to join our Vulnerability Management and Configuration Assurance team. The ideal candidate will have a deep understanding of security principles, vulnerability management, and secure baseline configuration monitoring, and of designing, implementing, and optimizing vulnerability assessment solutions for MassMutual. As an advanced-level engineer, you will collaborate with cross-functional teams to ensure the security posture of our organization meets industry standards and regulatory requirements.

The Team

The Vulnerability Management and Configuration Assurance (VMCA) team is responsible for identifying, assessing, prioritizing, reporting, and continuously monitoring vulnerabilities and configuration baseline deficiencies within our organization’s infrastructure, applications, and systems. Our team plays a critical role in maintaining the security posture of the company by proactively managing vulnerabilities that could be exploited by attackers. VMCA is motivated by a shared sense of responsibility to protect the organization’s assets and reputation, by knowing that our work directly mitigates security threats and prevents potential breaches, and by strong collaboration with other security and IT teams, continuous learning, innovation, and problem-solving. The culture of VMCA consists of proactive and preventative mindsets, collaboration, cross-disciplinary communication, accountability, ownership, agility, adaptability, inclusivity, knowledge sharing, and transparency.

The Impact:

Your key responsibilities will consist of the following to ensure digital assets are resilient against emerging threats, reducing potential financial and reputational damage from security incidents.

Vulnerability Management
- Lead the design, implementation, and continuous improvement of the enterprise vulnerability management program.
- Hands-on experience using automated scanning tools (e.g., Qualys, Tenable, Rapid7, Wiz) to identify, assess, report, and track vulnerabilities detected on operating systems, databases, network devices, mobile devices, and cloud services.
- Perform advanced vulnerability assessments across on-premises, cloud, containerized, and hybrid environments.
- Analyze vulnerability scan results and prioritize findings based on risk, exploitability, and business impact.
- Integrate threat intelligence and MITRE ATT&CK mapping to contextualize vulnerabilities and enhance prioritization.
- Collaborate with infrastructure and business information security officer (BISO) teams to drive timely remediation and mitigation.
- Identify and recommend compensating controls when immediate remediation is not feasible.
- Develop and maintain metrics and dashboards to report on vulnerability trends, remediation progress, and risk posture.

Configuration Assurance
- Utilize automated compliance tools to assess and validate configuration compliance for operating systems, databases, network devices, and cloud services.
- Partner with IT and engineering teams to remediate configuration drift and ensure continuous compliance.
- Map configuration assurance controls to regulatory frameworks (e.g., NIST, CIS, ISO 27001, PCI-DSS, HIPAA).
- Maintain documentation of configuration standards and exceptions.

Data Analytics & Visualization
- Leverage data analytics to identify trends, anomalies, and risk concentrations across vulnerability and configuration data.
- Build and maintain dashboards and visualizations using tools such as Tableau.
- Present actionable insights to technical and executive stakeholders to support risk-based decision-making.

Tooling & Automation
- Develop scripts and automation workflows to streamline scanning, reporting, and remediation tracking.
- Integrate vulnerability and configuration data into SIEM, GRC, and ticketing systems.

Governance & Reporting
- Provide executive-level reporting and risk analysis to support strategic decision-making.
- Participate in internal and external audits, ensuring evidence of vulnerability and configuration assurance controls.
- Stay current with emerging threats, vulnerabilities, and security technologies.

The Minimum Qualifications
- Bachelor's or master's degree in computer science, cybersecurity, or a related field.
- 8 years of experience in vulnerability management, configuration assurance, or related security engineering roles.
- Relevant security certifications such as CISSP, CISM, OSCP, GIAC (GSEC, GCIH, GCIA, etc.) from an industry-recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.).

The Ideal Qualifications
- Hands-on experience with vulnerability scanning tools and configuration assessment platforms.
- Familiar with advanced vulnerability management techniques such as continuous threat and exposure management and external attack surface management.
- Deep understanding of CVSS, MITRE ATT&CK, threat modeling, and risk-based prioritization.
- Experience implementing and validating compensating controls in enterprise environments.
- Knowledge of cybersecurity concepts and methods including secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies, and architecture.
- Deep understanding of security vulnerabilities, exploits, and mitigation techniques.
- Strong understanding of risk analysis, vulnerability assessment methodologies, and securing baselines.
- Clear understanding of various operating systems (Windows, Unix, etc.), secure configuration, and build images.
- Experience with cloud platforms (AWS, Azure, GCP), container security (Docker, Kubernetes), and security frameworks specific to cloud environments.
- Familiarity with security best practices, regulatory requirements, and industry frameworks (e.g., NIST, ISO, CIS, etc.).
- Strong scripting skills (Python, PowerShell, Bash) for automation and data manipulation.
- Strong knowledge of networking protocols, firewalls, VPNs, and security measures.
- Strong analytical, problem-solving, communication, and technical writing skills.
- Excellent communication skills and ability to influence cross-functional teams.
- Experience working in large, complex environments.
- Ability to manage multiple projects and tasks effectively, with a proactive and detail-oriented approach.
- Able to translate complex technical issues into simple, easy-to-understand concepts.

What to Expect as Part of MassMutual and the Team
- Regular meetings with the Vulnerability Management and Configuration Assurance team.
- Focused one-on-one meetings with your manager.
- Access to mentorship opportunities.
- Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA, veteran and disability-focused Business Resource Groups.
- Access to learning content on Degreed and other informational platforms.
- Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry-leading pay and benefits.

MassMutual is an equal employment opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.