Vulnerability Management Analyst Job Description
Vulnerability Management Analyst Duties & Responsibilities
To write an effective vulnerability management analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability management analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Vulnerability Management Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Management Analyst
List any licenses or certifications required by the position: CISSP, GPEN, GCIH, CEH, CISA, CRISC, IAT, CISM, GIAC, III
Education for Vulnerability Management Analyst
Typically a job would require a certain level of education.
Employers hiring for the vulnerability management analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technology, Technical, Cyber Security, Engineering, Computer Engineering, Business
Skills for Vulnerability Management Analyst
Desired skills for vulnerability management analyst include:
Desired experience for vulnerability management analyst includes:
Vulnerability Management Analyst Examples
Vulnerability Management Analyst Job Description
- Help Vulnerability Management (VM) Team for maintaining appropriate documentation that defines the Threat & Vulnerability Management Program, Policy and Procedures
- Oversee the coordination of security incident response events
- Participated in the calls to resolve information security incidents including internal events and targeted threats
- Automate the vulnerability management process to improve operation efficiency
- Analyze patch and vulnerability information for Vulnerability Management processes
- Interface with Internal customers and Agency contacts for Vulnerability Management issues
- Provide basic/initial customer response to computer security incidents
- Monitor intrusion detection systems and other cyber security dashboards
- Research, evaluate, and assess emerging cyber security threats, incidents, and vulnerabilities
- Work with the program manager to develop and maintain a vulnerability intelligence process that monitors for emerging systems vulnerabilities
- Work experience with vulnerability assessment tools like Qualys, Foundstone, Rapid7, Nessus and similar
- Secure Code Application Testing tools
- Network Technologies (routers, switches, wireless)
- Minimum 6-8 years of IT security experience such as penetration testing, vulnerability scanning, security audits, configuring and managing security systems
- Experience writing scripts in PowerShell, Ruby, Python, BASH
- Degree in Information Systems, Computer Science or a related field is required
Vulnerability Management Analyst Job Description
- Solve basic or repetitive problems
- Perform implementation tasks for systems and networks under supervision
- Perform system and network upgrade tasks under supervision
- Complete orders of vendor services designed and configured by senior team members
- Compile data in support of equipment and user relocations or system migrations
- Perform simple configuration changes to meet business requirements under supervision
- Compile and collect capacity data to be used for planning purposes
- Perform documented preventative maintenance routines under supervision
- Respond to level 3 &4 change and problem requests with supervision
- Investigate and resolve scan and network related issues
- Information technology and/or cybersecurity experience
- Good understanding of security / vulnerability scanning tools (eg
- Proven ability to drive change in an organization
- Systems Administrator (SA) level of technical ability on at least one platform eg
- Database Administrator (DBA) level of technical ability on one of eg
- Experience with visualization tools – eg
Vulnerability Management Analyst Job Description
- Vulnerability discover, analysis and risk rating
- Analysis of vulnerabilities disclosed by vendors, internal/external sources, and vulnerability and intelligence feeds
- Monitor news and intelligence feeds on a daily basis to proactively identify vulnerabilities that may impact the organization
- Provides analysis of vulnerabilities to other team members to assist with overall vulnerability remediation efforts
- Conduct analysis of various data sets in Excel, Splunk, and other enterprise tools to assist with identification of issues within the environment
- Support the identification and impact classification for new vulnerabilities identified in the environment
- Execute and support vulnerability assessments
- Provide Vulnerability Management (VM) team information on the emerging Enterprise vulnerability landscape, in collaboration with the CyberSecurity Operations organization
- Brief VM leadership on vulnerability assessment results and potential risks
- Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function
- Bachelor’s degree in related field or military experience with equivalent work experience is required
- Bachelor’s degree in Information Technology or Information Security
- At least 3+ years of experience with Linux command lines tool
- Experience in an information security related field (cyber risk), prior experience with Qualys or other vulnerability scanning and patching tools is preferred
- Maintain or willing to pursue certification in an information security related field
- Ability to automate the vulnerability data management and reporting process using scripting languages (Python, Perl, Unix Shell, VBA)
Vulnerability Management Analyst Job Description
- Produce actionable intelligence in the form of reports, notifications, and alerts
- Develop mitigation and countermeasure plans from collected threat intelligence
- Perform analysis of security issues and/or vulnerabilities
- Maintain knowledge of security trends and threats
- Provide subject matter expertise for relevant Cybersecurity technologies
- Develop metrics and capabilities to ensure effective vulnerability management
- Executing the vulnerability lifecycle management strategy across the organization
- Configuring, scheduling and executing vulnerability scans, and delivering scan reports
- Establishing relationships with system owners and business process partners for the purposes of ensuring that identified vulnerabilities are remediated in accordance to established timelines
- Working with cross functional teams and internal users to enforce technical security standards by providing assistance in applying established standards to projects
- Executing penetration tests against network, web, and mobile assets
- 1 year of experience in corporate IT environment or equivalent
- Experience supporting operational IT security requirements or equivalent security training/education, preferred
- Experience with vulnerability assessment and administering vulnerability scanning tool, preferred
- Bachelor's Degree in Computer Science, Mathematics, Engineering or similar area of study preferred
- Understanding of cyber security and risk management best practices
Vulnerability Management Analyst Job Description
- Researching the threat landscape to keep abreast of vulnerabilities specific to the organization’s IT environment
- Acting as information security subject matter expert whilst participating in projects that are delivering or changing IT systems
- Executing ad-hoc information security tasks as required by information security leadership
- Participate in CSARC (Cyber Security Analysis & Response Center) operations support and incident handling
- Research security testing tools, techniques, and processes
- Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities
- Recommend approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes
- Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the Security Operations Center (SOC)
- Promote collaboration with our stakeholders and Red Team researchers to prioritize the remediation of vulnerabilities and close potential attack vectors
- Understand asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected
- Certifications such as CISSP, CEH
- Coding/Scripting experience Perl, VB Script, Python, Bash, Shell
- Knowledge of OWASP tools and methodologies, web application assessments, and system development lifecycle (SDLC)
- A minimum of 5+ years of vulnerability assessment experience
- Technical security certifications preferred, such as GPEN, CISM, and/or CISSP
- Prior experience executing vulnerability assessment activities such as vulnerability scans, penetration tests, web application security assessments, and application security code reviews