Vulnerability Management Analyst

Your main role and responsibilities

1. Be an individual contributor and a great team player with a mindset to improve and support the business.
2. Coordinate and manage timely remediation of security vulnerabilities across various technologies.
3. Identify, resolve, and document false positive findings in vulnerability assessment results.
4. Have hands-on knowledge of Rapid7 architecture, scan engines, collector servers, agents, query builder, goals, and projects.
5. Collaborate with application teams and business unit owners to submit risk letters to comply with the organization's IT Security and Risk Management Framework.
6. Perform weekly, monthly, and ad-hoc vulnerability assessments for servers, user systems, network assets, public-facing assets, and databases using Rapid7, Burp Suite, SonarSource, Qualys, or Mend.
7. Manage scan configurations, including asset grouping, authentication, scan templates, engine pool, scheduling scans, and reports.
8. Manage and troubleshoot vulnerability management tools.
9. Monitor overall vulnerability scan status, engine health, report generation, and ensure successful scan completion with proper authentication.
10. Troubleshoot scans for missing assets or authentication issues.
11. Open support cases with scanning tools vendors when needed.
12. Demonstrate experience with DAST, SAST, and SCA tools.
13. Track vulnerability remediation via ticketing systems and validate with ad-hoc scans.
14. Coordinate with network, endpoint, and server teams regarding patches and CVEs.
15. Be knowledgeable of CVSS, vulnerability assessment methods, and corrective updates.
16. Have good knowledge of web application vulnerabilities, assessment tools, and methodologies.
17. Possess a minimum of 3 years of hands-on experience with vulnerability tools and 5-8 years in the information security domain.
18. Hold certifications such as CEH, Rapid7 Certified Administrator, Qualys Certification, Security+, ITIL, or others.
19. Employment is contingent upon positive screening, interview, background, and reference checks.
20. This position is only open to candidates physically present in Canada who are Canadian citizens or permanent residents; it is not open to work visa holders.