Senior Information Security Analyst

Job Description:

Vulnerability Management & Triaging is responsible for overseeing the identification, assessment, and triaging of vulnerabilities within the organization’s IT infrastructure. This role ensures vulnerabilities are appropriately prioritized and addressed, coordinating efforts across multiple teams to maintain a secure IT environment and compliance with security policies and regulations.

Key Responsibilities

1. Vulnerability Management and Triaging:

• Perform end-to-end management of identified vulnerabilities, including detection, triaging, and reporting.
• Collaborate with IT and development teams to validate and assess the impact of vulnerabilities.
• Ensure timely remediation efforts and track closure of vulnerabilities.
• Interaction and collaboration with multiple internal and external stakeholders.

2. Prioritization and Triaging:

• Classify and prioritize vulnerabilities based on severity, potential impact, and exposure.
• Act as a liaison between vulnerability scanning teams and remediation teams, ensuring clear communication and efficient resolution.
• Escalate high-risk vulnerabilities to appropriate stakeholders with actionable recommendations.
• Designing solutions and working with multiple teams for implementation.

3. Tools and Technology:

• Operate and manage vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7).
• Hands-on experience with ServiceNow VR module.
• Ensure scanning processes are optimized and aligned with business needs.
• Stay up to date on emerging tools and technologies to improve vulnerability management processes.

4. Reporting and Metrics:

• Develop and maintain dashboards and reports on vulnerability management metrics (e.g., mean time to resolve, risk levels).
• Good knowledge on vulnerability management KRI and KPIs.
• Provide regular updates to leadership on vulnerability trends, risks, and remediation progress.
• Good understanding on reconciliation of vulnerability reports.

5. Policy and Compliance:

• Ensure adherence to regulatory requirements, organizational security policies, and industry best practices.
• Contribute to internal audits and assessments related to vulnerability management.

Qualifications and Skills

Required:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 7+ years of experience in IT security, vulnerability management, or related domains.
• Strong knowledge of vulnerability management frameworks, tools, and best practices.
• Proficiency in tools like Qualys, Tenable, or Rapid7.
• Understanding of network protocols, operating systems, and application security.
• Experience with risk assessment and prioritization methodologies (e.g., CVSS, CVE and EPSS).

Preferred:

• Certifications such as CEH, SANS-GEVA or equivalent.
• Familiarity with regulatory standards (e.g., ISO 27001, PCI DSS, NIST).
• Experience working in large-scale enterprise environments.

Soft Skills:

• Excellent analytical and problem-solving abilities.
• Strong communication skills with the ability to convey technical concepts to non-technical audiences.
• Ability to manage multiple tasks and prioritize effectively in a fast-paced environment.