Vulnerability Management Analyst

Job Description

The Vulnerability Management Analyst will be part of ZS IT Information Security team in Pune. As a Vulnerability Management Analyst, you will be responsible for security vulnerability and threat analysis, planning, prioritizing, and remediating discovered vulnerabilities. To help achieve these goals, you will be responsible for collaboration with multiple teams across ZS to coordinate and enforce mitigation efforts. In addition, you will be expected to stay up to date on technology and security trends and make recommendations to enhance the security posture of ZS infrastructure and applications. What you'll do: Review internal and external vulnerability scans, pen test results, threat intelligence, red team findings, and additional vulnerability inputs, prioritize remediation of discovered vulnerabilities, and coordinate mitigation efforts across all teams and systems Collaborate with the team members and help operationalize defined vulnerability management processes Coordinate with respective teams to ensure timely update and configuration of software and operating systems with the latest patches and security settings to ensure the proper defenses are present Contribute to defining, reviewing, and enacting security policies and practices Stay apprised of the threat landscape, vulnerabilities, and industry best practices and make recommendations to improve ZSs security posture Review and create SOPs & technical documents/runbooks to support team processes and ISMS requirements Work closely with other information security teams to ensure operational efficiency and stay apprised of overall ZS security posture and capabilities What you'll bring: Bachelors degree in information security, Information Technology, or related field 1-3 years of experience in Threat and Vulnerability Management or equivalent knowledge Strong knowledge in industry standard VAPT tools like Tenable (Nessus), Rapid7, Qualys, Wiz and open-source tools Demonstratable expertise and experience with security related incidents is desirable Understanding and experience on working with cloud security services (AWS, Azure, GCP; others a plus) Must be a team player, dedicated, and proactive Must possess good communication, problem-solving, critical thinking, and organizational skills Must have good presentation skills Ability to clearly present technical approaches or findings in oral and written format Ability to present ideas in business-friendly and user-friendly language Highly self-motivated and directed Candidate should be flexible to work in late shifts to converse with leadership teams in US as needed