Vulnerability Management Analyst

Career Category

Job Description

Join Amgen’s Mission of Serving Patients

At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do.

Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives.

Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career.

Information Security Engineer – Vulnerability Management Analyst

What you will do

Let’s do this. Let’s change the world. In this vital role is focused on identifying, assessing, prioritizing, and tracking the remediation of vulnerabilities across the organization’s technology stack. The Vulnerability Management Analyst plays a key role in the security operations team by ensuring known vulnerabilities are managed through their lifecycle using structured processes and tools. The individual will analyze vulnerability scan data, correlate threat intelligence (e.g., KEV, EPSS), and work closely with infrastructure, application, and business teams to drive risk-based remediation.

Roles & Responsibilities:

• Analyze vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications.

• Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context.

• Partner with IT and DevOps teams to track remediation progress and provide technical guidance on mitigation strategies.

• Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity.

• Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams.

• Support vulnerability assessment activities in cloud environments (AWS, Azure, etc.).

• Maintain documentation related to the vulnerability management lifecycle.

• Assist in policy and process development related to vulnerability and patch management.

• Participate in audits and compliance efforts (e.g., SOX, ISO, NIST, PCI).

What we expect of you

We are all different, yet we all use our unique contributions to serve patients.

Master’s degree and 1 to 3 years of experience in Cybersecurity, vulnerability management or information security operations OR

Bachelor’s degree and 3 to 5 years of experience in Cybersecurity, vulnerability management or information security operations OR

Diploma and 7 to 9 years of experience in Cybersecurity, vulnerability management or information security operations

Must-Have Skills:

• Familiarity with vulnerability management tools (e.g., Tenable, Qualys, Rapid7).

• Understanding of CVSS scoring, vulnerability lifecycle, and remediation workflows.

• Basic knowledge of threat intelligence and how it applies to vulnerability prioritization.

• Working knowledge of network, operating system, and application-level security.

• Ability to analyze scan data and correlate it with business context and threat intelligence.

Preferred Qualifications:

Good-to-Have Skills:

• Experience with KEV, EPSS, and other threat-based scoring systems.

• Familiarity with patch management processes and tools.

• Exposure to cloud security and related scanning tools (e.g., Prisma Cloud, AWS Inspector).

• CompTIA Security+

• GIAC GSEC / GCIH

• Qualys Vulnerability Management Specialist (QVMS)

• Tenable Certified Nessus Auditor (TCNA)

Soft Skills:

• Analytical Thinking – Ability to interpret complex data sets and assess risk effectively

• Attention to Detail – Precision in identifying and tracking vulnerabilities and remediation status

• Communication Skills – Ability to communicate technical findings to both technical and non-technical audiences

• Collaboration & Teamwork – Able to work across IT, DevOps, and security teams to drive resolution

• Curiosity & Continuous Learning – Willingness to know the latest with evolving threats and technologies

• Problem-Solving Approach – Capability to identify solutions to security weaknesses in diverse environments

What you can expect of us

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way.

In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Apply now and make a lasting impact with the Amgen team.

careers.amgen.com

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.