Vulnerability Management Analyst

Vulnerability Management Analyst

– Fully remote

– Experience using the following programs preferred: Microsoft XDR (Defender Suite) ,MDVM – Microsoft Defender for Vulnerability Management, Tenable.One OR Tenable.io and Nessus agent

We are seeking a highly skilled and motivated Vulnerability Management Analyst to assist the corporate Information Security team. The team protects the confidentiality, integrity, and availability of data and systems in core systems and platforms. A successful candidate will be responsible for identifying, assessing, and mitigating vulnerabilities within our IT infrastructure, as well as maintaining and configuring the tools and systems used for vulnerability management. This role requires a proactive approach to vulnerability management and a strong understanding of cybersecurity best practices.

Job Responsibilities

• Conduct regular vulnerability assessments and scans on the network, systems, and applications.

• Analyze and prioritize vulnerabilities based on risk and potential impact.

• Collaborate with IT and development teams to remediate identified vulnerabilities.

• Monitor and track vulnerability remediation efforts and provide regular status updates.

• Develop and maintain vulnerability management policies, procedures, and documentation.

• Stay up-to-date with the latest security threats, vulnerabilities, and industry trends.

• Demonstrate expertise in using vulnerability assessment tools such as Nessus, Qualys, and Rapid7.

• Develop and maintain a risk register to document and track identified vulnerabilities and associated risks.

Qualifications & Experience Education

• Bachelor’s degree in Computer Science, Information Technology, or a related field.

• 3+ years of experience in vulnerability management or a related cybersecurity role.

• Familiarity with common security frameworks and standards (e.g., NIST, ISO 27001).

• Excellent analytical and problem-solving skills.

• Relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are a plus.

• Ability to communicate technical details concisely for the appropriate audience.

• Ability to work with different functional groups and levels of employees to achieve results effectively and professionally.

• Strong organizational skills; ability to accomplish multiple tasks within the agreed upon timeframes through effective prioritization of duties and functions in a fast-paced environment.

FAQ

1. What are the primary responsibilities of a Vulnerability Management Analyst?
This role focuses on identifying, assessing, and prioritizing security vulnerabilities across systems, applications, and networks. It involves running scans, analyzing findings, and coordinating remediation efforts with IT and security teams. The goal is to reduce organizational risk and strengthen overall security posture.

2. What tools are commonly used in vulnerability management?
Common tools include vulnerability scanners like Nessus, Qualys, and Rapid7, along with ticketing systems for tracking remediation. Security information and event management (SIEM) tools may also be used for monitoring. Knowledge of asset management and patch management tools is important.

3. How are vulnerabilities prioritized and managed?
Vulnerabilities are prioritized based on severity, exploitability, and business impact. Frameworks like CVSS scores help guide prioritization. The analyst ensures critical issues are addressed quickly while managing lower-risk vulnerabilities through scheduled remediation.

4. What is the role of patch management in this position?
Patch management is a key component, involving the deployment of updates to fix identified vulnerabilities. The analyst works with IT teams to ensure patches are applied in a timely and controlled manner. This helps minimize exposure to known threats.

5. How does this role collaborate with other teams?
The analyst works closely with IT, DevOps, and security teams to coordinate vulnerability remediation. They provide clear guidance on risks and recommended fixes. Effective communication ensures timely resolution and alignment across teams.