Cybersecurity Vulnerability Management Specialist

We are seeking a Cybersecurity Vulnerability Management Specialist to identify, assess, prioritize, and remediate security vulnerabilities across our enterprise infrastructure and applications, utilizing advanced scanning tools and implementing comprehensive vulnerability management programs to maintain organizational security posture.

Vulnerability Assessment & Management

• Conduct comprehensive vulnerability assessments using automated scanning tools including InsightVM, Nessus, and Qualys
• Perform manual security testing and penetration testing to identify complex vulnerabilities
• Analyze vulnerability scan results, false positives, and prioritize remediation based on risk scoring
• Track vulnerability lifecycle from discovery through remediation and verification
• Maintain vulnerability databases and generate executive-level security metrics and dashboards

Risk Analysis & Prioritization

• Evaluate vulnerability severity using CVSS scoring and business impact assessments
• Correlate vulnerability data with threat intelligence to identify active exploitation risks
• Conduct risk assessments considering asset criticality, environmental factors, and exposure levels
• Develop vulnerability treatment strategies including remediation, mitigation, and acceptance decisions
• Create risk-based remediation roadmaps and timeline recommendations

Remediation & Patch Management

• Collaborate with IT teams to develop and implement remediation strategies and patch deployment schedules
• Coordinate emergency patching for critical vulnerabilities and zero-day exploits
• Validate remediation effectiveness through re-scanning and verification procedures
• Manage patch testing procedures and rollback plans for critical systems
• Implement compensating controls and temporary mitigations for systems that cannot be immediately patched

Reporting & Compliance

• Generate comprehensive vulnerability reports for technical teams, management, and audit purposes
• Create security metrics and KPIs to measure vulnerability management program effectiveness
• Support compliance audits and regulatory requirements (SOX, PCI-DSS, HIPAA, ISO 27001)
• Maintain vulnerability management documentation and standard operating procedures
• Present security posture updates to executive leadership and risk committees

Technical Skills

• 6+ years experience in vulnerability management and cybersecurity operations
• Expert proficiency with vulnerability scanning tools (InsightVM, Nessus, Qualys, OpenVAS)
• Strong knowledge of common vulnerabilities (OWASP Top 10, CVE database, CWE framework)
• Experience with patch management systems and automated remediation tools
• Understanding of network security, web application security, and infrastructure hardening
• Proficiency in scripting languages (Python, PowerShell) for automation and data analysis

Security Skills

• Strong understanding of risk assessment methodologies and vulnerability prioritization frameworks
• Experience with penetration testing tools and manual security assessment techniques
• Knowledge of security frameworks (NIST, ISO 27001, CIS Controls) and compliance requirements
• Understanding of threat intelligence integration and attack vector analysis

• Bachelor's degree in Cybersecurity, Information Technology, or related field
• Security certifications (CISSP, CISM, CEH, GCIH, GIAC)
• Experience with cloud security assessments (AWS, Azure, GCP)
• Background in DevSecOps and secure software development lifecycle integration
• Knowledge of security orchestration and automated response (SOAR) platforms