Vulnerability Management Analyst

Job Summary

We are seeking a highly skilled and motivated Vulnerability Management Specialist with at least 5 years of hands-on experience in identifying, assessing, and mitigating security vulnerabilities across enterprise environments. The ideal candidate will have a strong understanding of cybersecurity principles, vulnerability scanning tools, and risk management frameworks, with the ability to communicate technical issues to non-technical stakeholders.

Job Requirements

•    Manage the end-to-end vulnerability management lifecycle: discovery, classification, prioritization, remediation tracking, and reporting.
•    Conduct regular vulnerability assessments using tools such as Qualys, Tenable, Nessus, or Rapid7.
•    Collaborate with system owners, infrastructure teams, and developers to address and remediate vulnerabilities.
•    Monitor threat intelligence feeds to identify and assess emerging vulnerabilities.
•    Develop and maintain metrics and reports on vulnerability status, trends, and remediation progress.
•    Ensure compliance with internal security policies and external regulatory standards (e.g., PCI-DSS, ISO 27001, HIPAA).
•    Coordinate periodic penetration testing and work with external vendors as needed.
•    Assist in maintaining and improving the organization's vulnerability management processes and tools.

•    Strong analytical and problem-solving skills.
•    Excellent written and verbal communication.
•    Ability to manage multiple priorities and work effectively in a fast-paced environment.
•    Collaborative mindset with a strong sense of accountability.

•    Security certifications such as CISSP, CEH, OSCP, CompTIA Security+, or GIAC.
•    Experience with scripting languages (Python, PowerShell, Bash) for automation of vulnerability tasks.
•    Exposure to cloud environments (AWS, Azure, GCP) and related security controls.
•    Familiarity with SIEM and ticketing systems (e.g., Splunk, ServiceNow).

Education

•    Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
•    Minimum of 5 years of professional experience in vulnerability management, information security, or a related domain.
•    Strong knowledge of operating systems (Windows, Linux, Unix), network protocols, and application architectures.
•    Hands-on experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7, Tenable.io).
•    Familiarity with patch management practices and tools.
•    Understanding of CVSS scoring, OWASP Top 10, and MITRE ATT&CK framework.
•    Experience interpreting and responding to vulnerability alerts (e.g., CVEs, vendor advisories).