Vulnerability Analyst
Job Location: Malvern, PA - USA
Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy
Job Summary
Location: Malvern, PA
Hybrid Schedule (T/W/Th); M and F remote (no flexibility on this at all)
(If relocating, must actually relocate on day 1. Talent cannot commute via flying weekly.)
Core Responsibilities
Vulnerability Risk Analyst
1. Prepares detailed reporting on vulnerabilities and related risks, integrating risk concepts such as impact and likelihood to ensure proper prioritization. Reporting will outline security posture, vulnerability trends, and mitigation results.
2. Conducts independent analysis of vulnerabilities to identify thematic issues and impact on systems. Supports risk scoring.
3. Leads scrums and huddles to support the tracking of vulnerability management efforts. Maintains Kanban boards that track remediation efforts.
4. Supports the documentation of process and control gaps that contribute to vulnerability risk.
5. Coordinates with Technical Security Advisors to ensure remediation plans and status are up to date and accurate.
6. Maintains vulnerability management procedures.
7. Participates in special projects and performs other duties as assigned.
Qualifications
- Microsoft 365 and Copilot: Robust understanding of Microsoft 365 and Copilot functionalities, including integration and customization.
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience.
- Security certification(s) preferred (e.g., Security+, SSCP, CISSP, or equivalent), especially if the role will independently assess risk treatment quality.
- Demonstrated foundation in cybersecurity principles (vulnerability lifecycle, risk concepts, remediation approaches) and the ability to apply them in an enterprise environment.
- Proven security expertise across infrastructure products and services.
- Working knowledge of vulnerability management outcomes: identifying, assessing, prioritizing, and enabling workflows that help drive vulnerabilities to closure or approved treatment.
- Experience supporting or governing vulnerability scanning/assessment programs for enterprise assets (on-prem and/or cloud workloads), including compliance with remediation SLAs.
- Ability to perform a structured investigation of a suspected false positive and document the outcome and decision path.
- Ability to explain a vulnerability's impact in plain business terms and produce a concise risk treatment summary that is approver-ready.
- Ability to support downgrade/override decisions with written rationale that is auditable and explicitly scoped.
Skills Required
- Proficiency in creating, structuring, and analyzing datasets using automation development frameworks and AI-driven tools.
- Robust writing skills to produce audit-ready rationales and summaries (risk acceptances, downgrade rationale, false-positive outcomes).
- Comfortable facilitating discussions with technical and non-technical stakeholders to clarify facts, confirm remediation options, and drive decisions.
- Robust attention to detail for data accuracy.
- Familiarity with vulnerability and posture tooling across on-prem and cloud contexts.
- Experience with reporting ecosystems.