Vulnerability Management Job Description
Vulnerability management
provides security profiling analysis for a wide range of network security technologies including, but not limited to: IPS/IDS, NAC, VPN, proxies, routers, and switches.
Vulnerability Management Duties & Responsibilities
To write an effective vulnerability management job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability management job description templates that you can modify and use.
Sample responsibilities for this position include:
Manage the security vulnerabilities and risks across WB including identifying, supporting application/system owners to manage risks and remediate vulnerabilities
Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure)
Analyze site/enterprise Computer Network Defense policies and configurations and evaluate compliance with regulations and enterprise directives
Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)
Maintain knowledge of applicable policies, regulations, and compliance documents specifically related to Computer Network Defense auditing
Provide leadership hands-on technical direction to deliver problem, solution, tactical, and break-fix capability
Work closely with both business-oriented executives and leads technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively
Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders
Maintain appropriate management reporting mechanisms to facility communication of the TVM program state across multiple levels within the organization
Maintains and directs execution of the Corporate Vulnerability Management Program (VMP) including the delivery of enterprise wide vulnerability assessments and targeted penetration testing
Vulnerability Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Management
List any licenses or certifications required by the position: CISSP, CISA, GPEN, GCIH, CISM, CEH, III, PMP, IAT, OSCP
Education for Vulnerability Management
Typically a job would require a certain level of education.
Employers hiring for the vulnerability management job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Computer Science, Engineering, Information Security, Education, Information Technology, Information Systems, Technical, Cyber Security, Technology, Business
Skills for Vulnerability Management
Desired skills for vulnerability management include:
DNS
IDS/IPS
Network security
HIPAA
Operating systems
PCI
Application security
Protocols
NIST
Principles
Desired experience for vulnerability management includes:
Solid understanding of information security policies, standards and industry best practices
Experience in performing risk assessments on different applications and technologies
Be expected to regularly make decisions that impact the implementation of plans to achieve annual goals
Familiarity with Vulnerability Management tools such as Qualys QualysGuard, nCircle IP360, McAfee Foundstone, Tenable Nessus
Familiar with Policy Compliance tools such as Qualys QualysGuard, Symantec CCS, Microsoft SCM
Familiar with Web Application Scanning tools such as WhiteHat, IBM Appscan, HP WebInspect
Vulnerability Management Examples
1
Vulnerability Management Job Description
Job Description Example
Our growing company is searching for experienced candidates for the position of vulnerability management. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vulnerability management
- Collaborates with the Infrastructure Security Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization
- Produces and regularly evaluates all TVM program and process related documentation
- Performing and providing vulnerability assessment results and recommendations to the NISSC Program Engineer, Program Protection Lead and/or Systems Security and Accreditation section as necessary
- Develop scripts to automate the system installation of required patches and configurations to remediated identified system vulnerabilities
- Provide regular reporting on patch management program and overall operation status of patch compliance
- Manage a team that performs technical security assessments of applications & infrastructure, secure design & configuration
- Hands-on leadership position with technical and non-technical internal partners
- Design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large complex organization
- Expert level familiarity with enterprise vulnerability management tools, such as Qualys and RSA VRM
- Ensure effective and complete scanning of the corporate and production environments
Qualifications for vulnerability management
- CISSP, CISA or equivalent designation
- Minimum Bachelors degree in Information systems or related field or an equivalent combination of education and experience
- Familiar with Security Single Pane of Glass implementations or frameworks such as RSA Archer, Modulo, Risk I/O
- Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
- Security management tools
- Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention)
2
Vulnerability Management Job Description
Job Description Example
Our growing company is looking to fill the role of vulnerability management. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability management
- Ensure the accurate and timely release of vulnerability metrics
- Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in external security communities
- Manage a team of specialists in Threat Intelligence, Penetration Testing, and Governance, Risk Management, and Compliance
- Manage the work direction and resources needs for the EVM platform within Enterprise Security Services
- Define, publish and maintain a strategic plan for assigned business area
- Develop risk management plans and EVM strategies and solutions
- Manage EVM support to business and technical teams in the design of standardized products and customized solutions
- Provide threat analysis summations to leadership along with propose actions to minimize threats
- Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies
- Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization
Qualifications for vulnerability management
- Extensive knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines
- Previous experience with AppSec Vulnerability Management/Risk Management
- Ability to work in a persuasive manner
- Process engineering and operations
- Deep project and program management skills
- Experience using vulnerability assessment tools such as
3
Vulnerability Management Job Description
Job Description Example
Our growing company is hiring for a vulnerability management. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability management
- Use vulnerability scanners to scan devices for vulnerabilities
- Provide analytical support and consultation for vulnerabilities with internal teams
- Prepare and present reports that document vulnerability trends within our environments key areas for improvement
- Understand company security policies/standards and government regulations
- Recommend new security tools and methodology to improve security posture
- Identify and evaluate complex business and technology risks
- The contractor shall administer, operate, update, patch, configure, develop, integrate, install, troubleshoot and maintain vulnerability management systems, tools, tactics, techniques and procedures
- Scanning, tracking, recording and reporting vulnerabilities using government provided tools
- Reporting and uploading scan results to the DISA's Vulnerability Management System (VMS) tool, or its successor, on a monthly or as needed basis for Air Force Base's (AFB) to review and remediate
- Performing trend and analysis of vulnerability scan data
Qualifications for vulnerability management
- A passion for, and deep understanding of, vulnerability and threat management
- 3 plus years relevant work experience with general industry experience in the security field
- CISSP or other security certifications are a plus
- Experience with vulnerability scanners (Nexpose preferred)
- Minimum 12 years’ overall experience in Information Security and Technology (including hands-on knowledge of network, mainframe, mid-range, and distributed systems security) with expertise in the areas of threat intelligence, incident response, and vulnerability management
- Minimum 5 years’ experience managing an incident response program and forensic capabilities
4
Vulnerability Management Job Description
Job Description Example
Our company is hiring for a vulnerability management. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability management
- Developing draft TOs, SOPs, checklists, guides, best practices and procedures for conducting vulnerability assessments
- Automating procedures using scripts, Sequel (SQL)/database administration, or other available technology
- Reporting repeat high vulnerabilities to the communications unit monthly
- Maintaining vulnerability management tools
- Oversee the development, maintenance, and continual improvement of vulnerability management infrastructure, initiatives, integration, processes, and technical assessment support
- Drive automation of vulnerability management tools and processes
- Understanding of infrastructure, IoT, application, and cloud vulnerability scanning
- Classify and prioritize the risk of new vulnerabilities based on the company’s environment
- Maintain metrics and reports on vulnerability findings and remediation compliance
- Work closely with business and technology stakeholders to drive vulnerability remediation
Qualifications for vulnerability management
- Minimum 5 years’ experience managing the Vulnerability Management process
- Minimum 3 years’ experience designing or managing SOC operations
- CISSP, CEH, SANS GIAC or other security relevant certifications are preferred
- Excellent communication skills translating complex technical information across all levels of the organization
- Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able handle multiple concurrent tasks
- 3+ years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance
5
Vulnerability Management Job Description
Job Description Example
Our growing company is hiring for a vulnerability management. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability management
- Maintaining an understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items
- Partner and collaborate with business and technology teams to provide vulnerability and security expertise as the teams develop remediation solutions for security vulnerabilities
- Effectively manages Vulnerability Management resources by ensuring resources are appropriately trained, tasked and delivering against milestones
- Supports and executes effective resource and activity forecasting
- Produces complex, high-priority recurring, automated and ad-hoc vulnerability and status reports with the purpose of measuring progress towards goals, measuring performance against objectives, and identifying improvement opportunities in the areas of vulnerability identification, assessment, assignment and remediation
- Develop documentation for requirements, architectural designs, engineering drawings and diagrams, operational policies and procedures
- Serve as the subject matter expert on all matters of Enterprise Information Security, and specific to CSARC
- Analyze architecture and provide feedback for architectures submitted by engineers and analysts
- Coordinate with other teams on new architecture or enhancements (Risk, Strategy, Engineering, DevOps)
- Research and recommend enhancements to CSARC services
Qualifications for vulnerability management
- Strong leadership and teambuilding skills.Expert level familiarity with enterprise vulnerability management tools, such as Qualys and RSA VRM
- Working knowledge of ITIL change management / patch management
- Experience with system hardening and secure configuration frameworks
- Strong desire to work on the front line of Security
- Highly skilled and/or educated in the area of Information Security
- Able to multi-task, prioritize, and resolve multiple inquiries at once