Vulnerability Analyst Job Description
Vulnerability Analyst Duties & Responsibilities
To write an effective vulnerability analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Vulnerability Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Analyst
List any licenses or certifications required by the position: CISSP, GPEN, GCIH, CISA, IAT, III, CEH, US, EN, ITIL
Education for Vulnerability Analyst
Typically a job would require a certain level of education.
Employers hiring for the vulnerability analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Technical, Education, Engineering, Information Technology, Cyber Security, Information Systems, Web Development, Technology
Skills for Vulnerability Analyst
Desired skills for vulnerability analyst include:
Desired experience for vulnerability analyst includes:
Vulnerability Analyst Examples
Vulnerability Analyst Job Description
- Recommend security and mitigating controls to reduce technical and business risk
- Enhance the Vulnerability Management Lifecycle Program for all environments
- Reporting vulnerabilities to Management and to ensure the organization remediation efforts meet GIS standards
- Vulnerability and Security Research
- Gathers security related information across multiple electronic, computer and development environments
- Participates in information security audits to proactively minimize and eliminate information security vulnerabilities
- Application Code review and reporting of the vulnerabilities
- Performs detailed security evaluations associated with designing and installing Qualys Guard Enterprise Vulnerability Management
- Help coordinate, coach, develop, and lead the team responsible for risk assessments, inventory and remediation planning
- Develop and maintain data collection configurations for vulnerability and compliance management
- Experience with vulnerability scanning tools required - Experience with POA&M management required - Self-starter that can work independently with minimal direction - Experience with information assurance processes and the NIST Risk Management Framework desired
- 2 years of experience with research, counterintelligence, intelligence analysis, security, or data science
- Experience with host-based detection tools
- BA or BS degree or 4+ years of experience with intelligence analysis and counterintelligence
- Knowledge of existing information technology products, including network, security, analytic, and infrastructure-related tools
- Possession of excellent critical thinking, data gathering, data analysis, report writing, leadership, presentation, analytic, quantitative, time management, and consulting skills
Vulnerability Analyst Job Description
- Support other SMAC initiatives and technologies
- Assist in development and implementation of an information security vulnerability management policies, procedures, and standards
- Perform and oversee research of special topics that may arise coincidently to the technical assessments, and prepare structured studies and analyses as appropriate
- Oversee enterprise vulnerability assessment program and maintain tools used to perform the ongoing assessments
- Configure and coordinate network and application penetration tests as needed
- Provide risk assessment of vulnerabilities identified and pen test results
- Utilize threat and CERT advisories to potential impact to enterprise posed by various vulnerabilities
- Oversee global patch management program and work with global contacts to ensure that critical patches are deployed
- Develop and maintain remediation and mitigation processes with Security team to address or resolve risks associated with vulnerabilities
- Monitor and report on remediation and/or mitigation progress to leadership team
- 5 years of experience with counterintelligence, intelligence analysis, security, or data science in a range of threat mitigation issues
- Knowledge of investigative methodologies and decomposing behavioral profiles to develop investigative plans
- Possession of excellent leadership, presentation, analytic, quantitative, and data gathering skills
- Either 3+ years of relevant analytic experience or a bachelor’s degree
- 3 years of experience with host-based detection tools and advanced analytic methodologies
- Undergraduate degree and 4-6 years relevant vulnerability assessment experience, or equivalent combination of education and work experience
Vulnerability Analyst Job Description
- Execution and support of vulnerability analysis activities in support of Common Criteria certifications of products (technical report review, follow-up investigation with focus on hardware, crypto libraries, and operating systems)
- Identifying and analysing emerging threats that could affect technology platforms managed in the region
- Providing advice and guidance on the mitigation of risks associated with vulnerabilities and non-compliance with Operational Security Standards liaising with regional/country technology teams as required
- Performing periodic and ad-hoc vulnerability assessments, assessing newly identified vulnerabilities and it impact on the enterprise and communicate to respective stake holders
- As a member of the extended Global IT Security team, working closely with peers to provide a cohesive and collaborative end-to-end security function
- Liaising with relevant governance, platform, service delivery and management areas
- Build good relationships with teams, and stakeholders at all levels
- Ensure parameters are established and monitor process quality and performance metrics
- Responsible for configuring and maintaining vulnerability assessment tools, performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results
- Keep current with vulnerabilities, attacks, and countermeasures devoting time to research and development activities
- Bachelor's degree in IT Security, Information Systems, or Computer Science or equivalent experience
- Minimum of 6 years of progressive experience in information technology including 4 years in systems and or applications security, including maintenance and use of security products in a distributed enterprise environment
- Appropriate security certifications, such as CISSP, CISA, C|EH
- Required demonstrated knowledge of information technology security, trends, leading practices, and regulatory and industry standard compliance issues such as, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Standard (PCI), and FIPS-140
- Progressive background and experience in administering and supporting all areas of information technology
- Assist in development of security-related software development processes including coding standards, technical documentation standards, QA processes, build, and configuration management
Vulnerability Analyst Job Description
- Recommend solutions to remediate issues identified from application security testing
- Manage the life cycle of application security vulnerabilities, from identification to validation and remediation
- Manage policies in application security preventive and detective tools
- Develop a formalized threat and vulnerability management program including a fully accessible and manageable CMDB / inventory of assets (or a combination of such systems resulting in this capability)
- Enhances the current patching standards and processes and cover vulnerabilities across all system assets (operating systems, applications, mobile apps, phones, network systems like routers and switches, all other company systems)
- Tracks the CVSS DB entries and receives daily alerts from several external sources (including but not limited to the NRF-ISACs, InfraGard, CERTs, ext
- Partners with the other security functions and IT to understand the data flow across systems to understand the exposure risk and attack surface for a specific vulnerability to prioritize actions and risk responses
- Proactively establishes good working relationships with external sources and other key parties
- Perform regular security analysis of items assigned management
- Fulfill risk assessments around vulnerability and threat management and supports the risk assessment process and documents findings in the risk register
- Knowledge of common attack methodologies
- Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems
- Sound knowledge of network protocols, operating systems and management systems with hands-on experience
- Knowledge of TCP/IP networking and standard protocols (FTP, SMTP, HTTP, SNMP)
- Interactions, hand-offs
- Works with Security Architecture to establish and document standard security policies and procedures
Vulnerability Analyst Job Description
- Analyze or produce current state documentation and deliver regular reports to management regarding projects affecting vulnerability and threat management capability
- Forecast updates on the threat landscape or other critical issues with the development of a security intelligence capability
- Perform relevant industry research and shares finding with the security team and other parties via regular verbal and written communication
- Provide influence over the overall information security program via attack surface reduction efforts
- Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses, threat modeling and risk assessments, studying architecture/platform, identifying integration issues, preparing cost estimates
- Drive the architecture for key security aspects of the core framework throughout the stack (infrastructure, platform and application) and develop designs geared towards massive scalability and availability
- Design security systems by evaluating network and security technologies, developing requirements for Application offerings, DDoS protections, and related security and network devices
- Drive developers and engineering managers to adopt architectural changes in security and adapt to the emerging security requirements and technologies, coach engineers to overturn assumptions and think big
- Collaborate effectively with peer Architects and Application development teams to solve complex problems spanning their respective areas and resolve technological disagreement with informed, rational debate
- Lead security projects from inception to creation of guidelines used to deployed security components into production
- Involvement with the enterprise project management office in testing new systems and software for vulnerabilities prior to go-live
- Provides guidance to ITS and hospital staff on security policy and standards
- Bachelor's degree in computer science, MIS, or related field or equivalent experience
- 2-5 years of Information Security in various disciplines
- Demonstrated leadership in the realm of information security to internal and external customers
- Proven experience with Vulnerability testing