Analyst - Vulnerability Management

What you'll do:

This security analyst will be part of a team tasked with identifying, tracking and verifying the remediation of vulnerabilities in internal and external applications and systems. This role involves performing deep-dive analysis of vulnerabilities, operating vulnerability scanning tools, and building relationships with other groups within the IT organization.

- Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
- Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
- Advise employees responsible for remediation on the best reduction and remediation practices
- Review and analyze vulnerability data to identify trends and patterns

- Regularly report on the state of vulnerabilities, including their criticality, exploit probability, business impact, and remediation strategies.
- Serve as a point of contact for new and existing vulnerability-related issues.
- Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
- Maintain documentation related to vulnerability policies and procedures.
- Perform other duties as assigned.

Qualifications:

• Bachelor's degree in a technical discipline
• 3-5 years of experience in security operations, vulnerability management or IT operations

Skills:

- Ability to analyze and understand vulnerabilities and exploits
- Proficiency with commercial and open source vulnerability management solutions.
- Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques.
- Understanding of operating systems, applications, infrastructure, and cloud computing services.
- Understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle.
- Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies.
- Preferably some experience with vulnerability management across AWS, Azure, or Google cloud Platform.
- Experience in threat hunting, adversary emulation, or red teaming exercises is a plus."
- Strong communication skills: Ability to communicate effectively across all levels of the organization.
- Project management skills: Strong project management, multitasking, and organizational skills.