Vulnerability Management Analyst

Your main role and responsibilities

1. Contribute individually and collaborate effectively with the team to support and improve the business.
2. Coordinate and manage timely remediation of security vulnerabilities across various technologies.
3. Identify, resolve, and document false positives in vulnerability assessments.
4. Possess hands-on knowledge of Rapid7 architecture, including scan engines, collector servers, agents, query builder, goals, and projects.
5. Work with application teams and business unit owners to submit risk letters, ensuring compliance with the organization's IT Security and Risk Management Framework.
6. Conduct weekly, monthly, and ad-hoc vulnerability assessments for servers, user systems, network assets, public-facing assets, and databases using tools like Rapid7, Burp Suite, SonarSource, Qualys, or Mend.
7. Manage scan configurations, including asset grouping, authentication, templates, engine pool, scheduling, and reporting.
8. Maintain and troubleshoot vulnerability management tools.
9. Monitor scan status, engine health, report generation, and ensure successful completion with proper authentication.
10. Troubleshoot scan issues such as missing assets or authentication failures and open support cases with vendors when necessary.
11. Demonstrate hands-on experience with DAST, SAST, and SCA tools.
12. Track vulnerability remediation through ticketing systems and validate with ad-hoc scans.
13. Coordinate with network, endpoint, and server teams regarding patches, CVEs, and patch levels.
14. Understand CVSS, vulnerability assessment methods, and corrective updates.
15. Have good knowledge of web application vulnerabilities, assessment tools, and methodologies.
16. Require a minimum of 3 years' hands-on experience with the specified vulnerability tools and 5-8 years in information security.
17. Possess certifications such as CEH, Rapid7 Certified Administrator, Qualys Certification, Security+, ITIL, or equivalent.
18. Employment contingent upon positive screening, interview, background, and reference checks.
19. This position is open only to candidates physically present in Canada who are Canadian citizens or permanent residents.
20. Not open to candidates on a Work Visa/Work Permit.

Position Type

Regular

CAE thanks all applicants for their interest. Only those whose background and experience match the role will be contacted.

Equal Opportunity Employer

CAE is committed to diversity, equity, and inclusion. We encourage all applicants to apply, even if they don't meet every listed requirement. Reasonable accommodations are available for the application and interview process. Please contact us if needed.