Vulnerability Assessment Analyst

Responsibilities Vulnerability Scanning and Assessment:Manage regular vulnerability scans using industry-standard tools.Analyze scan results to identify potential security vulnerabilities and misconfigurations.Manage the prioritization of vulnerabilities based on risk levels and impact.Remediation Support:Manage the Patching Cycles.Work with IT teams to assist in the remediation of identified vulnerabilities from VA reports and pen testing assessment.Help track and monitor the progress of remediation efforts.Learn and apply best practices for reducing security risks.Reporting and Documentation:Create reports on vulnerability findings and remediation progress.Maintain accurate and up-to-date documentation of vulnerability management activities.Support the team in providing updates on emerging vulnerabilities.Learning and Development:Stay informed about current cybersecurity threats and trends.Participate in training sessions and workshops to develop skills in vulnerability management.Seek out opportunities to enhance knowledge in cybersecurity tools and techniques.Compliance and Support:Help ensure that vulnerability management activities align with relevant security standards and policies (e.g., ISO 27001, PCI-DSS).Assist in preparing documentation for audits and compliance checks.Provide security awareness training to employees on emerging threats and vulnerabilities.MUST – HAVE “Technical & Personal Skills Basic cybersecurity and networking knowledge. Understanding of vulnerabilities, CVEs, misconfigurations, patching, and remediation lifecycle.Ability to read vulnerability scan results and distinguish severity, affected assets, evidence, and remediation steps.Basic understanding of Windows, Linux, servers, endpoints, applications, and network infrastructure.Familiarity with CVSS and risk-based prioritization.Ability to track remediation actions with IT teams.Good documentation and reporting skills.Ability to use Excel or similar tools for tracking, filtering, and reporting vulnerability dataNICE-To-HAVE “Technical & Personal Skills Relevant certifications or coursework in cybersecurity are a plus (e.g., CompTIA Security+)Experience with tools like Tenable, Qualys, Rapid7, or similar platforms are a plusHands-on exposure to Tenable, Qualys, Rapid7, OpenVAS, or similar tools.Understanding of EPSS, SSVC, CISA KEV, exploit availability, internet exposure, and asset criticality.Familiarity with ISO 27001, PCI DSS, NIST CSF, CIS Controls, or audit evidence preparation.Basic scripting using Python, PowerShell, or Bash. Familiarity with OWASP Top 10 and web application vulnerabilities.Experience preparing vulnerability reports, dashboards, or remediation trackers. Security+ or similar certification is a plus.Personal Skills Strong analytical and problem-solving skills.Able to think through the tradeoffs between theoretical risk scores and what actually matters in production environmentsCustomer-facing communication, especially in MSSP or consulting environments.Ability to prioritize under pressure. Curiosity and self-learning attitude.Business awareness and ability to understand operational impact before recommending remediation. Confidence to ask questions and challenge unclear findings.Presentation skills.Adaptability across different client environments. Process improvement mindset.