Job Description

We are seeking a proactive and technically skilled Vulnerability Management & Security Operations Analyst to support and enhance the organization's cybersecurity posture. The role is responsible for vulnerability detection, analysis, mitigation coordination, threat monitoring, and supporting incident response activities across network, systems, and application environments.

Key Responsibilities

• Support and maintain vulnerability detection and mitigation best practices across infrastructure, systems, networks, and applications.
• Apply and improve Threat & Vulnerability Management (TVM/VM) programs and contribute to the maturity of information security practices.
• Participate in incident response triage and proactive analysis related to security vulnerabilities, threats, and exploit activities.
• Analyze vulnerability feeds, vendor advisories, security alerts, and threat intelligence trends to support CDC operations with IOC/IOA development.
• Perform vulnerability analysis and apply CVSS scoring methodologies associated with vulnerability vectors and severity assessments.
• Collaborate with CDC operations and EDR teams to identify emerging threats, develop detection signatures, and create monitoring use cases for exploit prevention and detection.
• Provide regular updates and security assessment reports to stakeholders, including identified risks, remediation recommendations, and workaround solutions.
• Track and manage the vulnerability remediation lifecycle to ensure timely closure of findings and compliance with SLA requirements.
• Continuously investigate the latest security vulnerabilities, exploitation techniques, penetration methods, and vendor advisories, and communicate relevant risks to stakeholders.
• Support ongoing and future Vulnerability Management (VM) initiatives, security improvement projects, and operational enhancements.
• Provide security assessment, consultation, and recommendations related to firewall, network, and endpoint security configurations.
• Work closely with IT, infrastructure, cloud, and application teams to coordinate remediation and security hardening activities.
• Assist in improving operational processes, reporting dashboards, and security metrics related to vulnerability management.

Requirements

Technical Skills & Experience

• Bachelor's degree in Cyber Security, Information Security, Computer Science, Information Technology, or related field.
• 3–5+ years of experience in Vulnerability Management, SOC, Cyber Defense, or Information Security Operations.
• Strong understanding of vulnerability management lifecycle, threat intelligence, and incident response processes.
• Experience with vulnerability scanning and assessment tools such as:
  • Tenable Nessus
  • Qualys VMDR
  • Rapid7 InsightVM
• Familiarity with EDR/SIEM platforms such as:
  • Microsoft Defender for Endpoint
  • CrowdStrike Falcon
  • Splunk
• Good understanding of:
  • CVSS scoring framework
  • IOC/IOA concepts
  • MITRE ATT&CK framework
  • Threat hunting and exploit detection
  • Firewall and network security principles
• Knowledge of operating systems, network protocols, cloud security, and application security concepts.
• Experience in scripting or automation (Python, PowerShell, Bash) is an advantage.
• Familiarity with security frameworks and standards such as ISO 27001, NIST, CIS Controls, or PCI-DSS is preferred.

Soft Skills

• Strong analytical and problem-solving skills.
• Good communication and stakeholder management capabilities.
• Ability to work independently and collaboratively in a fast-paced environment.
• Strong attention to detail and risk-oriented mindset.
• Ability to prioritize vulnerabilities based on business and security impact.

Preferred Certifications

• EC-Council Certified Ethical Hacker (CEH)
• ISC2 CISSP
• CompTIA Security+
• GIAC or other relevant cybersecurity certifications are an advantage.