Analyst - Vulnerability Management

What You'll Do

• This security analyst will be part of a team tasked with identifying, tracking and verifying the remediation of vulnerabilities in internal and external applications and systems. This role involves performing deep-dive analysis of vulnerabilities, operating vulnerability scanning tools, and building relationships with other groups within the IT organization.
• Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
• Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
• Advise employees responsible for remediation on the best reduction and remediation practices
• Review and analyze vulnerability data to identify trends and patterns
• Regularly report on the state of vulnerabilities, including their criticality, exploit probability, business impact, and remediation strategies.
• Serve as a point of contact for new and existing vulnerability-related issues.
• Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
• Maintain documentation related to vulnerability policies and procedures.
• Perform other duties as assigned.

Qualifications

• Bachelor's degree in a technical discipline
• 3-5 years of experience in security operations, vulnerability management or IT operations

Skills

• Ability to analyze and understand vulnerabilities and exploits
• Proficiency with commercial and open source vulnerability management solutions.
• Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques.
• Understanding of operating systems, applications, infrastructure, and cloud computing services.
• Understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle.
• Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies.
• Preferably some experience with vulnerability management across AWS, Azure, or Google cloud Platform.
• Experience in threat hunting, adversary emulation, or red teaming exercises is a plus.
• Strong communication skills: Ability to communicate effectively across all levels of the organization.
• Project management skills: Strong project management, multitasking, and organizational skills.