Security Analyst - Vulnerability Management

Company Profile

Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.

Job Description

• Vulnerability Scanning & Analysis:
• Conduct daily operational activities in Rapid7 InsightVM, including initiating and reviewing vulnerability scans.
• Add or remove assets from scan scopes as per infrastructure changes or business requirements.
• Analyze vulnerability data and prioritize findings based on severity, exploitability, and business impact.
• False Positive detection analysis.
• Risk Management & Remediation:
• Collaborate with IT and business stakeholders to drive timely patching and remediation of identified vulnerabilities.
• Track and follow up on remediation progress; escalate delays as necessary.
• Support documentation and processing of risk acceptances, including impact assessments and stakeholder sign-offs.
• Stakeholder Engagement:
• Coordinate and communicate with application owners, system administrators, and other stakeholders for scan scheduling, scope adjustments, and remediation actions.
• Provide regular reports and dashboards to management and technical teams highlighting vulnerability trends, exceptions, and compliance status.
• Patch Management Support:
• Work closely with patch management teams to align scan results with patch deployment cycles.
• Validate effectiveness of applied patches and update system records accordingly.
• Documentation & Continuous Improvement:
• Maintain accurate records of vulnerability management activities, scan scopes, and risk acceptances.
• Assist in improving scanning coverage, tuning scan configurations, and refining asset groups.

Qualifications

• 3–5 years of hands-on experience in a vulnerability management or security operations role.
• Strong working knowledge of Rapid7 InsightVM or similar vulnerability management platforms.
• Familiarity with patch management processes and tools.
• Experience conducting PCI DSS compliance scans, including asset scope definition, remediation tracking, and validation reporting.
• Understanding of risk management concepts and experience handling risk acceptances.
• Proficient in analyzing vulnerability reports, identifying root causes, and recommending mitigation strategies.

• Sound understanding of network, operating systems (Windows/Linux), and application security fundamentals.
• Solid grasp of compliance requirements including PCI DSS, CIS benchmarks, and vulnerability SLAs.
• Experience with the Service-Now Vulnerability Response module is an added advantage.

• Strong communication and stakeholder management skills.
• Good understanding of network and system security fundamentals.