Vulnerability Management Analyst

Job Description

Job Summary We are seeking a highly skilled and motivated Vulnerability Management Specialist with at least 5 years of hands-on experience in identifying, assessing, and mitigating security vulnerabilities across enterprise environments. The ideal candidate will have a strong understanding of cybersecurity principles, vulnerability scanning tools, and risk management frameworks, with the ability to communicate technical issues to non-technical stakeholders. Job Requirements • Manage the end-to-end vulnerability management lifecycle: discovery, classification, prioritization, remediation tracking, and reporting. • Conduct regular vulnerability assessments using tools such as Qualys, Tenable, Nessus, or Rapid7. • Collaborate with system owners, infrastructure teams, and developers to address and remediate vulnerabilities. • Monitor threat intelligence feeds to identify and assess emerging vulnerabilities. • Develop and maintain metrics and reports on vulnerability status, trends, and remediation progress. • Ensure compliance with internal security policies and external regulatory standards (e.g., PCI-DSS, ISO 27001, HIPAA). • Coordinate periodic penetration testing and work with external vendors as needed. • Assist in maintaining and improving the organization's vulnerability management processes and tools. • Strong analytical and problem-solving skills. • Excellent written and verbal communication. • Ability to manage multiple priorities and work effectively in a fast-paced environment. • Collaborative mindset with a strong sense of accountability. • Security certifications such as CISSP, CEH, OSCP, CompTIA Security+, or GIAC. • Experience with scripting languages (Python, PowerShell, Bash) for automation of vulnerability tasks. • Exposure to cloud environments (AWS, Azure, GCP) and related security controls. • Familiarity with SIEM and ticketing systems (e.g., Splunk, ServiceNow). Education • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). • Minimum of 5 years of professional experience in vulnerability management, information security, or a related domain. • Strong knowledge of operating systems (Windows, Linux, Unix), network protocols, and application architectures. • Hands-on experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7, Tenable.io). • Familiarity with patch management practices and tools. • Understanding of CVSS scoring, OWASP Top 10, and MITRE ATT&CK framework. • Experience interpreting and responding to vulnerability alerts (e.g., CVEs, vendor advisories).