Security Analyst - Vulnerability Management
Chennai, India
Lennox International
Company Profile
Lennox (NYSE: LII): Driven by 130 years of legacy and success in HVAC and refrigeration, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.
Job Description
- Vulnerability Scanning & Analysis:
  - Conduct daily operational activities in Rapid7 InsightVM, including initiating and reviewing vulnerability scans.
  - Add or remove assets from scan scopes as per infrastructure changes or business requirements.
  - Analyze vulnerability data and prioritize findings based on severity, exploitability, and business impact.
  - Perform false-positive detection and analysis.
- Risk Management & Remediation:
  - Collaborate with IT and business stakeholders to drive timely patching and remediation of identified vulnerabilities.
  - Track and follow up on remediation progress; escalate delays as necessary.
  - Support documentation and processing of risk acceptances, including impact assessments and stakeholder sign-offs.
- Stakeholder Engagement:
  - Coordinate and communicate with application owners, system administrators, and other stakeholders for scan scheduling, scope adjustments, and remediation actions.
  - Provide regular reports and dashboards to management and technical teams highlighting vulnerability trends, exceptions, and compliance status.
- Patch Management Support:
  - Work closely with patch management teams to align scan results with patch deployment cycles.
  - Validate effectiveness of applied patches and update system records accordingly.
- Documentation & Continuous Improvement:
  - Maintain accurate records of vulnerability management activities, scan scopes, and risk acceptances.
  - Assist in improving scanning coverage, tuning scan configurations, and refining asset groups.
Qualifications
- 3–5 years of hands-on experience in a vulnerability management or security operations role.
- Strong working knowledge of Rapid7 InsightVM or similar vulnerability management platforms.
- Familiarity with patch management processes and tools.
- Experience conducting PCI DSS compliance scans, including asset scope definition, remediation tracking, and validation reporting.
- Understanding of risk management concepts and experience handling risk acceptances.
- Proficient in analyzing vulnerability reports, identifying root causes, and recommending mitigation strategies.
- Sound understanding of network, operating systems (Windows/Linux), and application security fundamentals.
- Solid grasp of compliance requirements including PCI DSS, CIS benchmarks, and vulnerability SLAs.
- Experience with the ServiceNow Vulnerability Response module is an added advantage.
- Strong communication and stakeholder management skills.
- Good understanding of network and system security fundamentals.
Tags: Application security Compliance InsightVM Linux PCI DSS Risk management SLAs Vulnerabilities Vulnerability management Vulnerability scans Windows
Perks/benefits: Career development