Cybersecurity Analyst (Vulnerability Management)

• Design and drive strategy and tactical plans toward holistic Vulnerability Management across multiple technology teams in a large complex organization.
• Analyses patch and vulnerability information for Vulnerability Management processes. 
• Automate the Vulnerability Management process to improve operation efficiency.
• Provide status report to Regional RISO and IT leaders related to Vulnerability Management metrics, key risk indicators, trending and compliance reports. 
• Collaborate with Information Security policies, standards and baselines and contribute efforts to measure compliance. 
• Collaborate with cross-functional teams, including IT, security operations, and development teams, to ensure timely vulnerability remediation across on-premises and cloud environments.
• Leads the analysis, implementation, execution, and improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems. 
• Create and maintain SOPs for the Vulnerability Management program, provide technical knowledge to operations and production support teams. 
• Work with portfolio manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities. 

• University Degree in Computer Science, or a related field 
• Minimum 4-6 years of IT security experience such as penetration testing, vulnerability scanning, security audits, configuring and managing security systems. 
• Knowledge of security standards, frameworks, and best practices (e.g., OWASP, CVE, CVSS).
• Technical knowledge and experience working with enterprise vulnerability management platforms. 
• Work experience with vulnerability assessment tools like Rapid7, Nessus and similar. 
• Extensive knowledge and experience with diverse IT architecture and enterprise IT data centers, external hosted service and cloud computing environments. 
• Solid grasp of computer networking concepts and protocols and network security methodologies. 
• Detailed comprehension of information security technology and tools, integrations, API and scripting. 

Non-Technical/Soft skills 

• Able to exercise good judgement in a dynamic environment. 
• Independent and self-directed, with excellent time management skills.
• Excellent communication skills with the ability to communicate risk in business-relevant language. 
• Effective communication and collaboration skills for management presentation materials. Experience on reporting and analytics tool is required such as Power BI, Advanced Excel/Power Query. 
• Team player with positive attitude. Highly driven, autonomous, and resilient. Enjoy working in a dynamic and multi-cultural environment. 
• Good program/project management skills. 
• Relevant certifications such as CISSP, CISM, or equivalent are a plus.