Vulnerability Management Job Description
Vulnerability Management Duties & Responsibilities
To write an effective vulnerability management job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability management job description templates that you can modify and use.
Sample responsibilities for this position include:
Vulnerability Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Management
List any licenses or certifications required by the position: CISSP, CISA, GPEN, GCIH, CISM, CEH, III, PMP, IAT, OSCP
Education for Vulnerability Management
Typically a job would require a certain level of education.
Employers hiring for the vulnerability management job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Computer Science, Engineering, Information Security, Education, Information Technology, Information Systems, Technical, Cyber Security, Technology, Business
Skills for Vulnerability Management
Desired skills for vulnerability management include:
Desired experience for vulnerability management includes:
Vulnerability Management Examples
Vulnerability Management Job Description
- Collaborates with the Infrastructure Security Operations Team ensuring proper Security Operations Center (SOC) performance, threat strategy, management and reporting across the organization
- Produces and regularly evaluates all TVM program and process related documentation
- Performing and providing vulnerability assessment results and recommendations to the NISSC Program Engineer, Program Protection Lead and/or Systems Security and Accreditation section as necessary
- Develop scripts to automate the system installation of required patches and configurations to remediated identified system vulnerabilities
- Provide regular reporting on patch management program and overall operation status of patch compliance
- Manage a team that performs technical security assessments of applications & infrastructure, secure design & configuration
- Hands-on leadership position with technical and non-technical internal partners
- Design and drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large complex organization
- Expert level familiarity with enterprise vulnerability management tools, such as Qualys and RSA VRM
- Ensure effective and complete scanning of the corporate and production environments
- CISSP, CISA or equivalent designation
- Minimum Bachelors degree in Information systems or related field or an equivalent combination of education and experience
- Familiar with Security Single Pane of Glass implementations or frameworks such as RSA Archer, Modulo, Risk I/O
- Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
- Security management tools
- Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention)
Vulnerability Management Job Description
- Ensure the accurate and timely release of vulnerability metrics
- Research and investigate new and emerging vulnerabilities, to include Zero Day events, assess against risk to the corporate and production environments, and participate in external security communities
- Manage a team of specialists in Threat Intelligence, Penetration Testing, and Governance, Risk Management, and Compliance
- Manage the work direction and resources needs for the EVM platform within Enterprise Security Services
- Define, publish and maintain a strategic plan for assigned business area
- Develop risk management plans and EVM strategies and solutions
- Manage EVM support to business and technical teams in the design of standardized products and customized solutions
- Provide threat analysis summations to leadership along with propose actions to minimize threats
- Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies
- Provide vulnerability risk assessment guidance to peers and stakeholders throughout the organization
- Extensive knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines
- Previous experience with AppSec Vulnerability Management/Risk Management
- Ability to work in a persuasive manner
- Process engineering and operations
- Deep project and program management skills
- Experience using vulnerability assessment tools such as
Vulnerability Management Job Description
- Use vulnerability scanners to scan devices for vulnerabilities
- Provide analytical support and consultation for vulnerabilities with internal teams
- Prepare and present reports that document vulnerability trends within our environments key areas for improvement
- Understand company security policies/standards and government regulations
- Recommend new security tools and methodology to improve security posture
- Identify and evaluate complex business and technology risks
- The contractor shall administer, operate, update, patch, configure, develop, integrate, install, troubleshoot and maintain vulnerability management systems, tools, tactics, techniques and procedures
- Scanning, tracking, recording and reporting vulnerabilities using government provided tools
- Reporting and uploading scan results to the DISA's Vulnerability Management System (VMS) tool, or its successor, on a monthly or as needed basis for Air Force Base's (AFB) to review and remediate
- Performing trend and analysis of vulnerability scan data
- A passion for, and deep understanding of, vulnerability and threat management
- 3 plus years relevant work experience with general industry experience in the security field
- CISSP or other security certifications are a plus
- Experience with vulnerability scanners (Nexpose preferred)
- Minimum 12 years’ overall experience in Information Security and Technology (including hands-on knowledge of network, mainframe, mid-range, and distributed systems security) with expertise in the areas of threat intelligence, incident response, and vulnerability management
- Minimum 5 years’ experience managing an incident response program and forensic capabilities
Vulnerability Management Job Description
- Developing draft TOs, SOPs, checklists, guides, best practices and procedures for conducting vulnerability assessments
- Automating procedures using scripts, Sequel (SQL)/database administration, or other available technology
- Reporting repeat high vulnerabilities to the communications unit monthly
- Maintaining vulnerability management tools
- Oversee the development, maintenance, and continual improvement of vulnerability management infrastructure, initiatives, integration, processes, and technical assessment support
- Drive automation of vulnerability management tools and processes
- Understanding of infrastructure, IoT, application, and cloud vulnerability scanning
- Classify and prioritize the risk of new vulnerabilities based on the company’s environment
- Maintain metrics and reports on vulnerability findings and remediation compliance
- Work closely with business and technology stakeholders to drive vulnerability remediation
- Minimum 5 years’ experience managing the Vulnerability Management process
- Minimum 3 years’ experience designing or managing SOC operations
- CISSP, CEH, SANS GIAC or other security relevant certifications are preferred
- Excellent communication skills translating complex technical information across all levels of the organization
- Well organized with excellent follow up skills to meet deadlines, coordinates work of others while fostering teamwork and cooperation, and able handle multiple concurrent tasks
- 3+ years of comprehensive knowledge of Vulnerability Management identification, analysis, metrics and reporting tools processes enabling proper governance, risk and compliance
Vulnerability Management Job Description
- Maintaining an understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items
- Partner and collaborate with business and technology teams to provide vulnerability and security expertise as the teams develop remediation solutions for security vulnerabilities
- Effectively manages Vulnerability Management resources by ensuring resources are appropriately trained, tasked and delivering against milestones
- Supports and executes effective resource and activity forecasting
- Produces complex, high-priority recurring, automated and ad-hoc vulnerability and status reports with the purpose of measuring progress towards goals, measuring performance against objectives, and identifying improvement opportunities in the areas of vulnerability identification, assessment, assignment and remediation
- Develop documentation for requirements, architectural designs, engineering drawings and diagrams, operational policies and procedures
- Serve as the subject matter expert on all matters of Enterprise Information Security, and specific to CSARC
- Analyze architecture and provide feedback for architectures submitted by engineers and analysts
- Coordinate with other teams on new architecture or enhancements (Risk, Strategy, Engineering, DevOps)
- Research and recommend enhancements to CSARC services
- Strong leadership and teambuilding skills.Expert level familiarity with enterprise vulnerability management tools, such as Qualys and RSA VRM
- Working knowledge of ITIL change management / patch management
- Experience with system hardening and secure configuration frameworks
- Strong desire to work on the front line of Security
- Highly skilled and/or educated in the area of Information Security
- Able to multi-task, prioritize, and resolve multiple inquiries at once