Job Title: Vulnerability Analyst II
Reporting To: Manager - CyberSecurity
FLSA Status (exempt, non-exempt): Salary Exempt
Description
The Vulnerability Analyst II has been working in a cybersecurity role for three or more years. Ideally you have experience in Level 2 Help Desk and deliver excellent customer service in a professional environment. As a Vulnerability Analyst, you will play a crucial role in ensuring the security and integrity of our client's digital assets by identifying and mitigating potential vulnerabilities. You will be responsible for conducting regular assessments, collaborating with other IT and security teams, and implementing measures to safeguard against cyber threats. You understand high-quality customer service, respond with appropriate professionalism and urgency, and have a knack for adapting your interpersonal style to many different types of users. The Vulnerability Analyst is responsible for completing the tasks and projects that are assigned and tracked. Some travel and after-hours or on-call work may be required. To succeed in this role, you need to be detail-oriented, with strong organizational and time management skills.
Automation and Scripting
Automate repeatable processes using a variety of tools including scripting.
Desirable scripting languages: PowerShell, Automate RMM, Datto RMM, and Python.
Vulnerability Assessment
Conduct regular vulnerability assessments on systems, networks, and applications.
Utilize scanning tools and methodologies to identify vulnerabilities.
Analyze and interpret vulnerability scan results to prioritize high-risk areas.
Project Management
Create and conduct recurring meetings with customers to talk through scan results, remediation steps, and prioritization.
Plan and execute remediation projects that prioritize critical items, maximize operational efficiency, and minimize client impact.
Security Audits
Analyze and interpret security audits and communicate the results to stakeholders with a wide range of technical knowledge.
Collect evidence and artifacts to fulfill contractual and compliance requirements.
Security Patch Management
Monitor and track security patches for various software and systems.
Coordinate with different teams to ensure timely deployment of patches and updates.
Incident Response
Assist in incident response activities related to security vulnerabilities.
Investigate and analyze security incidents to support remediation efforts.
Documentation and Reporting
Maintain detailed documentation of vulnerability assessment findings and remediation efforts.
Prepare and present reports to management on the overall security posture.
Education & Qualifications
- Valid Driver License and Proof of Auto Insurance
- Bachelor's degree in Information Technology, or a related field, OR equivalent relevant experience.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or other red team certifications are a plus.
- Proven experience in conducting vulnerability assessments and/or penetration testing.
- Familiarity with common security and compliance frameworks (e.g., CIS, NIST CSF, HIPAA/HITRUST, PCI DSS, ISO 27001).
- Strong understanding of networking protocols, operating systems, and web applications.
- Experience with Microsoft cloud technologies including Entra ID, Azure VMs, and cloud networking (VNETs and NSGs).
- Knowledge of encryption standards and technologies, including data at rest as well as data in transit.
- Experience using and interpreting vulnerability software such as Connect Secure, Tenable, Rapid7, or Qualys.
- Proficiency with data visualization and processing; proficiency with PowerBI and Excel.
- Apply the common vulnerability scoring system (CVSS) to prioritize remediation items.
- Familiar with industry best practices for security hardening of IT infrastructure, including networking equipment, VPN, Windows, macOS and Linux OS, and cloud resources.
- Stay up to date on the latest trends, threats, CVEs and Zero-Days, workarounds, and patches in the cybersecurity landscape.
- Able to apply the latest threat intelligence to vulnerability management strategy.
- Proven track record of developing creative and effective solutions to technical challenges.
- Policy administration experience with Group Policy Objects (GPOs) and Intune.
- Experience with Automate Patch Manager, WSUS, or other patch management tools.
- Understanding of business needs to ensure remediation recommendations are appropriate.
- Proficient in using vulnerability scanning tools and penetration testing tools.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills.
- Able to distill complex technical concepts and jargon for a lay audience.
- Excellent time management skills.
- Passion for technology and cybersecurity.
Soft Skills
Supervision/Autonomy
Able to independently set direction and scope of work. Able to evaluate the work of others and make decisions that affect personal or team productivity within a well-defined area of responsibility.
Planning/Organization
Able to organize incoming requests for work from multiple sources and plan projects without well-defined goals, maintaining day-to-day productivity with few requests for help.
Process Management
Understands and follows established processes. Able to adapt to ongoing changes in processes, priorities, tasks, and workload. Able to help develop and define processes and process improvement for Applied Tech.
Communication
Strong written and verbal communication skills. Demonstrates clear and professional written communication that conveys confidence and competence. Able to explain complicated concepts with poise to large groups.
People Skills/Conflict Management
Strong interpersonal skills for effective interaction with clients, third parties, and teammates. Able to demonstrate confidence in high-pressure situations and resolve conflicts.
Physical Requirements
- Ability to use computers daily in an interactive manner for extended periods of time, possibly exceeding 8 hours per day.
- Ability to sit for an extended period.
- Ability to frequently and accurately communicate with employees, customers, and vendors in person, via the telephone or by email.
NOTE: This job description is not intended to be all-inclusive. Employees may perform other related duties as requested to meet the ongoing needs of the organization.