Vulnerability Management Analyst

Job Description

In this vital role, the Vulnerability Management Analyst focuses on identifying, assessing, prioritizing, and tracking the remediation of vulnerabilities across our organization's technology stack. You'll play a key role in the security operations team by ensuring known vulnerabilities are managed through their lifecycle using structured processes and tools. You'll analyze vulnerability scan data, correlate threat intelligence (e.g., KEV, EPSS), and work closely with infrastructure, application, and business teams to drive risk-based remediation. Roles & Responsibilities Analyze vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications. Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context. Partner with IT and DevOps teams to track remediation progress and provide technical guidance on mitigation strategies. Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity. Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams. Support vulnerability assessment activities in cloud environments (AWS, Azure, etc.). Maintain documentation related to the vulnerability management lifecycle. Assist in policy and process development related to vulnerability and patch management. Participate in audits and compliance efforts (e.g., SOX, ISO, NIST, PCI). Basic Qualifications Master's degree and 1 to 3 years of experience in Cybersecurity, vulnerability management, or information security operations; OR Bachelor's degree and 3 to 5 years of experience in Cybersecurity, vulnerability management, or information security operations; OR Diploma and 7 to 9 years of experience in Cybersecurity, vulnerability management, or information security operations. Must-Have Skills Familiarity with vulnerability management tools (e.g., Tenable, Qualys, Rapid7). Understanding of CVSS scoring, vulnerability lifecycle, and remediation workflows. Basic knowledge of threat intelligence and how it applies to vulnerability prioritization. Working knowledge of network, operating system, and application-level security. Ability to analyze scan data and correlate it with business context and threat intelligence. Good-to-Have Skills Experience with KEV, EPSS, and other threat-based scoring systems. Familiarity with patch management processes and tools. Exposure to cloud security and related scanning tools (e.g., Prisma Cloud, AWS Inspector). CompTIA Security+ GIAC GSEC / GCIH Qualys Vulnerability Management Specialist (QVMS) Tenable Certified Nessus Auditor (TCNA) Soft Skills Analytical Thinking: Ability to interpret complex data sets and assess risk effectively. Attention to Detail: Precision in identifying and tracking vulnerabilities and remediation status. Communication Skills: Ability to communicate technical findings to both technical and non-technical audiences. Collaboration & Teamwork: Able to work across IT, DevOps, and security teams to drive resolution. Curiosity & Continuous Learning: Willingness to stay updated with evolving threats and technologies. Problem-Solving Approach: Capability to identify solutions to security weaknesses in diverse environments.