Back to jobs

Cybersecurity Vulnerability Analyst

Denver, CO

About Procare

For over 30 years, Procare Solutions has been dedicated to empowering early childhood educators by providing products and services that enable them to focus on the care, safety and education of children.  We recognize the responsibility that comes with nurturing and educating children, which is why our child care management solutions are designed to automate business processes, help ensure safety and compliance, communicate with families and provide educational resources and training to help teachers and children thrive.

Over 40,000 satisfied customers have chosen Procare Solutions as their trusted partner in providing exceptional care for young minds. 

A Little About the Role

The Cybersecurity Vulnerability Analyst will report to the Director of Security and Compliance as part of the Corporate cybersecurity team. This role is a matrixed position that will be aligned with the other business groups including Technology Infrastructure, and Cloud teams on prioritization and implementation of Cybersecurity initiatives across the Procare organization and environments.

The Cybersecurity Vulnerability Analyst is responsible for identifying, assessing, and mitigating security risk within an organization’s technology infrastructure. This role involves leveraging advanced security tools to detect vulnerabilities and threats, ensuring Procare’s systems are protected against potential cyber-attacks. 

The Cybersecurity Vulnerability Analyst will verify adherence of corporate, network and cloud security controls, support implementing strategies to ensure that Procare’s applications and platforms are compliant with security compliance and standards such as PCI-DSS, PCI-SAQ-D, SOC2 Type II, FERPA, NIST CSF. Collaborate with the Compliance and Privacy team providing required reports for compliance audits. Additionally, this position will participate in on-call rotation for security incidents.

This role is critical in safeguarding an organization’s digital assets and ensuring robust cybersecurity posture through proactive identification and mitigation of security threats and vulnerabilities.

The successful candidate will bring a strong passion for cybersecurity, teamwork and use prior experience, insights, and knowledge to help contribute to Procare’s cybersecurity objectives and directives.

What You Will Do

-- Vulnerability Assessments:

  • Utilize tools like Qualys to conduct regular vulnerability scans across Procare’s networks, servers, and applications
  • Identify and prioritize vulnerabilities based on risk levels and potential impact

-- Security Monitoring:

  • Employ DAST solutions to monitor and analyze application security, detecting potential threats and vulnerabilities in real-time

-- Application Security Testing:

  • Utilize tools like Veracode to perform static and dynamic application security testing (SAST & DAST) to identify security flaws in software applications
  • Collaborate with development teams to remediate identified vulnerabilities in the application code

-- Web Application Security:

  • Leverage security tools for in-depth testing of all public facing web applications, including identifying issues like SQL injection, Cross-site Scripting (XSS) and other OWASP top 10 vulnerabilities
  • Conduce penetration testing to simulate attacks and evaluate the effectiveness of deployed security controls

-- Reporting and Remediation:

  • Generate detailed reports on identified vulnerabilities and security incidents
  • Work closely with IT and development teams to implement remediation strategies and fix identified issues
  • Ensure compliance with industry standards and regulations through regular audits and assessments

-- Perform hands on operational support of threat identification, monitoring of vulnerabilities and risks to Procare’s environments and applications

-- Monitor the threat landscape and advise on emerging security threats, attack vectors and methodology and risk to the origination

-- Participate in the Cybersecurity Incident Response (CISRT) process, tickets, reports and root cause analysis (RCA)

  • Participate in the investigation and respond to security incidents, analyzing
    the root cause, mitigating the impact, and coordinating implementing corrective measure
  • Provide accurate and detailed incident reports, security assessments, and other documentation related to security activities
  • Work with other groups and teams to ensure effective security measures and incident response

-- Participate in Monthly product security meetings reviewing identified findings in products and environments

  • Update monthly security KPI metrics for distribution to the leadership team

-- Monitor patching of workstation, servers and infrastructure hardware and systems

-- Continuously monitor security alerts for suspicious activities or anomalies that may indicate a security incident

-- Participate in deployment of proactive security monitoring and alerting capabilities

-- Communicate insight to strategic security initiatives to improve capabilities through automation, process enhancement, and analyst

-- Identify improvement opportunities and provide recommendations for best practice process improvements and process automation

-- Validate security standards and benchmarks for hardware and Operating Systems

-- Administrative tasks as needed

-- Maintain vendor relationships

  • Keeping abreast of new features and tooling improvements for continuous program improvement and expansion

-- Work with cybersecurity compliance team

  • Work internal and external auditors during security audits and assessments to ensure compliance

-- Provide operational support, ensuring systems and devices are online and available which may include 24x7 on-call support rotation or as needed

Our Ideal Candidate Will Have

  • BA/BS degree or 3+ years' of experience in cybersecurity or combination of education and relevant experience
  • Experience working in an incident Response/Cybersecurity operations center (inhouse or outsourced), creating escalating, and managing security incidents and creating incident reports
  • 2+ years' of working with security tools such as vulnerability management solutions like Qualys, Rapid7, Tenable
  • Strong focus on ensuring accuracy in reporting
  • Currently hold one or more security certifications (CISSP, CISA, CRISC, CEH, SCSC02, CSA, SSCP, CSOP)
  • Solid understanding of system & security controls on at least two OS’s (Windows, Linux / Unix, and MacOS (Advantage), including host-based forensics and experience with analyzing OS artifacts
  • Strong understanding of network security concepts, security protocols, and cybersecurity best practices
  • Experience with security tools and technologies, such as firewalls, intrusion detection / prevention systems, and SIEM systems
  • Experience with creation of management dashboards for leadership team
  • Ability to analyze security logs, network traffic, and other data sources to identify security treats
  • Strong problem-solving and analytical skills
  • Knowledge of implementation of the AWS architected framework with an emphasis on the security pillar
  • Strong verbal and written communication skills; ability to drive discussions and influence decision making; strong presentation and reporting skills
  • Participation in more than one full SOC2 and/or PCI-DSS audit cycle (Advantage)
  • Experience in Agile development methodologies using JIRA
  • Prior experience with security tools such as Qualys, Rapid7, Splunk, CrowdStrike Falcon, Nessus, Kali, BurpSuite
  • Excellent communication and interpersonal skills
  • Ability to excel in a rapidly changing environment
  • Ability to multitask high priority projects
  • Ability to work independently and as part of a team

Why Procare?

  • Excellent comprehensive benefits packages including: medical, dental, & vision plans
  • HSA option with employer contributions
  • Vacation time, holidays, sick days, volunteer & personal days
  • 401K Plan with employer match and immediate vesting
  • Employee Stock Purchase Plan
  • Employee Discount Program
  • Medical, Dependent Care, and Transportation FSA Plans
  • Company paid Short and Long-Term disability and Life Insurance
  • RTD EcoPass for all Denver employees
  • Tuition Reimbursement and continued Professional Development
  • Fast paced, high energy workplace environment in prime downtown location
  • Regular company provided meals

Salary

$100,000-$125,000/year DOE

Location

This position is based in our Denver, CO office. We are currently in a hybrid in-office/remote working model based on business needs.

 

Create a Job Alert

Interested in building your career at Procare Solutions? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Procare Solutions’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.