Job Description

Job Summary
We are seeking a highly skilled and motivated Vulnerability Management Specialist with at least 5 years of hands-on experience in identifying, assessing, and mitigating security vulnerabilities across enterprise environments. The ideal candidate will have a strong understanding of cybersecurity principles, vulnerability scanning tools, and risk management frameworks, with the ability to communicate technical issues to non-technical stakeholders.
Job Requirements

• Manage the end-to-end vulnerability management lifecycle: discovery, classification, prioritization, remediation tracking, and reporting.
• Conduct regular vulnerability assessments using tools such as Qualys, Tenable, Nessus, or Rapid7.
• Collaborate with system owners, infrastructure teams, and developers to address and remediate vulnerabilities.
• Monitor threat intelligence feeds to identify and assess emerging vulnerabilities.
• Develop and maintain metrics and reports on vulnerability status, trends, and remediation progress.
• Ensure compliance with internal security policies and external regulatory standards (e.g., PCI-DSS, ISO 27001, HIPAA).
• Coordinate periodic penetration testing and work with external vendors as needed.
• Assist in maintaining and improving the organization's vulnerability management processes and tools.

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication.
• Ability to manage multiple priorities and work effectively in a fast-paced environment.
• Collaborative mindset with a strong sense of accountability.

• Security certifications such as CISSP, CEH, OSCP, CompTIA Security+, or GIAC.
• Experience with scripting languages (Python, PowerShell, Bash) for automation of vulnerability tasks.
• Exposure to cloud environments (AWS, Azure, GCP) and related security controls.
• Familiarity with SIEM and ticketing systems (e.g., Splunk, ServiceNow).

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Minimum of 5 years of professional experience in vulnerability management, information security, or a related domain.
• Strong knowledge of operating systems (Windows, Linux, Unix), network protocols, and application architectures.
• Hands-on experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7, Tenable.io).
• Familiarity with patch management practices and tools.
• Understanding of CVSS scoring, OWASP Top 10, and MITRE ATT&CK framework.
• Experience interpreting and responding to vulnerability alerts (e.g., CVEs, vendor advisories).