Vulnerability Management Analyst

About The Position

Requirements

• Degree in Computer Science or a related field.
• Minimum of three years of work experience in IT.
• Networking, workstation, and Server Maintenance is a plus.
• Familiarity with Qualys or other security scanning solutions.
• Experience with ServiceNow is a bonus.
• Excellent Excel skills.
• familiar with Patch management activities
• Experience with Azure fundamentals
• Two years of Lead or management experience

Responsibilities

• Follow up on vulnerabilities in infrastructure (servers, networking, workstations), cloud environments, and applications (APIs, web applications, software).
• Conduct infrastructure vulnerability assessments and categorize and prioritize vulnerabilities.
• Manage exposure to discovered vulnerabilities and analyze root causes.
• Coordinate with the risk management team and attend hand-off calls for vulnerabilities.
• Ensure zero-day vulnerabilities are properly communicated and managed.
• Report on vulnerabilities and facilitate policy exception meetings.
• Engage stakeholders to assess and mitigate risks.
• Help define and drive vulnerability management processes.
• Conduct regular scans and assessments of workstations, servers, networks, cloud environment, and applications.
• Maintain awareness of emerging vulnerabilities, threats, and exploits.
• Collaborate with IT and application teams to remediate identified vulnerabilities within agreed timelines.
• Provide actionable recommendations to mitigate risks, including patching, configuration changes, or compensating controls.
• Monitor and validate remediation efforts to ensure vulnerabilities are effectively addressed.
• Serve as a liaison between security, IT, and business teams to accurately measure risk and facilitate remediation.
• Provide regular reports to management on the state of vulnerabilities, risks, and remediation progress.
• Manage and optimize vulnerability management tools (e.g., Qualys, Wiz, Veracode).
• Ensure tools are properly configured and updated to deliver accurate and comprehensive results.
• Support audits and assessments by providing evidence of vulnerability management activities.
• Monitor changes to the environment to identify if those changes compromise security.
• Investigate security breaches and other cybersecurity incidents with minimal assistance.
• Work with business units to remediate identified issues with minimal assistance.
• Assist in process improvements to enhance the efficiency of current operational procedures.

Benefits

• Health, Dental and Vision plans
• 401(k) Match
• Volunteer time off
• Short-term and long-term disability
• Accident, Life and Travel insurance, as well as flexible spending
• Tuition Reimbursement Options
• Employee Assistance Program (EAP)
• Length of Service Awards
• Medical/Dental/Vision Insurance
• 401(k) Retirement Plan - US
• RRS Plan – CAN
• Paid Parental Leave
• Paid Holidays and Paid Time Off
• Tuition Reimbursement