Vulnerability Management Analyst

Posted Today by kjohn@samrusystems.com

Negotiable
Undetermined
Remote

Summary: The Vulnerability Management Analyst is responsible for identifying, assessing, prioritizing, and remediating security vulnerabilities within the organization's infrastructure, applications, and cloud environments. This role emphasizes continuous monitoring and improvement of the organization's security posture. The analyst will collaborate with various teams to ensure effective remediation and compliance with security standards. Strong technical skills and experience in vulnerability management tools are essential for success in this position.

Key Responsibilities:

  • Perform regular vulnerability scans using tools like Qualys Vulnerability Management, Tenable Nessus, or Rapid7 InsightVM
  • Analyze scan results and prioritize vulnerabilities based on risk, severity, and business impact
  • Coordinate with IT, DevOps, and application teams for remediation activities
  • Track and report vulnerability remediation status and SLA compliance
  • Conduct risk assessments and provide recommendations for mitigation
  • Manage patching cycles and validate fixes after remediation
  • Integrate vulnerability management into CI/CD pipelines (DevSecOps practices)
  • Ensure compliance with security standards such as NIST, ISO 27001, and PCI DSS
  • Support audits, penetration testing, and incident response activities
  • Generate dashboards and reports for stakeholders and leadership

Key Skills:

  • Strong knowledge of vulnerability management lifecycle (Identify, Assess, Remediate, Report)
  • Hands-on experience with scanning tools: Qualys, Nessus, Rapid7 InsightVM
  • Knowledge of operating systems (Windows, Linux, Unix)
  • Understanding of network protocols, firewalls, and security architecture
  • Familiarity with patch management and automation tools
  • Experience with cloud platforms (AWS, Azure, Google Cloud Platform) security assessments
  • Basic scripting (Python, PowerShell, Bash) for automation
  • Understanding of CVSS scoring and OWASP Top 10 vulnerabilities
  • Experience with regulatory frameworks (NIST, ISO, SOC 2, HIPAA)
  • Knowledge of threat intelligence and risk-based prioritization
  • Strong analytical and problem-solving skills
  • Effective communication with technical and non-technical teams
  • Ability to manage multiple tasks and deadlines
  • Attention to detail and documentation skills
  • Certifications such as CEH, CompTIA Security+, CISSP, GIAC (GPEN, GSEC)
  • Experience in DevSecOps and automation
  • Exposure to SIEM tools like Splunk
  • Experience leading or participating in formal security audits (e.g. HITRUST, SOC 2, FedRAMP)
  • Security certifications such as CISSP, AWS Security Specialty, CEH or CSSLP are a strong plus

Salary (Rate): £60 yearly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Experience: 12+ Years

Job Summary
We are seeking a skilled Vulnerability Management professional responsible for identifying, assessing, prioritizing, and remediating security vulnerabilities across the organization’s infrastructure, applications, and cloud environments. The role ensures continuous monitoring and improvement of the organization’s security posture.

Key Responsibilities

  • Perform regular vulnerability scans using tools like Qualys Vulnerability Management, Tenable Nessus, or Rapid7 InsightVM
  • Analyze scan results and prioritize vulnerabilities based on risk, severity, and business impact
  • Coordinate with IT, DevOps, and application teams for remediation activities
  • Track and report vulnerability remediation status and SLA compliance
  • Conduct risk assessments and provide recommendations for mitigation
  • Manage patching cycles and validate fixes after remediation
  • Integrate vulnerability management into CI/CD pipelines (DevSecOps practices)
  • Ensure compliance with security standards such as NIST, ISO 27001, and PCI DSS
  • Support audits, penetration testing, and incident response activities
  • Generate dashboards and reports for stakeholders and leadership

Required Skills & Qualifications

  • Strong knowledge of the vulnerability management lifecycle (Identify, Assess, Remediate, Report)
  • Hands-on experience with scanning tools: Qualys, Nessus, Rapid7 InsightVM
  • Knowledge of operating systems (Windows, Linux, Unix)
  • Understanding of network protocols, firewalls, and security architecture
  • Familiarity with patch management and automation tools
  • Experience with cloud platform (AWS, Azure, Google Cloud Platform) security assessments
  • Basic scripting (Python, PowerShell, Bash) for automation

Security & Compliance Knowledge

  • Understanding of CVSS scoring and OWASP Top 10 vulnerabilities
  • Experience with regulatory frameworks (NIST, ISO, SOC 2, HIPAA)
  • Knowledge of threat intelligence and risk-based prioritization

Soft Skills

  • Strong analytical and problem-solving skills
  • Effective communication with technical and non-technical teams
  • Ability to manage multiple tasks and deadlines
  • Attention to detail and documentation skills

Preferred Qualifications

  • Certifications such as CEH (Certified Ethical Hacker), CompTIA Security+, CISSP, GIAC (GPEN, GSEC)
  • Experience in DevSecOps and automation
  • Exposure to SIEM tools like Splunk
  • Software development experience
  • Experience leading or participating in formal security audits (e.g. HITRUST, SOC 2, FedRAMP)
  • Security certifications such as CISSP, AWS Security Specialty, CEH or CSSLP are a strong plus