InfoSec L2 VM (Infra) Sr Analyst

Position Responsibilities

Percent of Time

• Execute vulnerability scanning and assessment activities for infrastructure components, including servers, networks, cloud platforms, and endpoints, using enterprise-grade tools.
• Analyze vulnerability scan results, assess risk levels, and provide detailed reports to technical teams and management.
• Assist in the coordination and tracking of remediation efforts by collaborating with IT Operations, Cloud Engineering, and Network Administration teams.
• Ensure accurate and timely updates to vulnerability management systems and dashboards, providing transparency into the effectiveness of remediation activities.
• Leverage threat intelligence to contextualize vulnerabilities and prioritize remediation based on potential impact to the organization.
• Support process improvements and automation initiatives to enhance the efficiency and scalability of vulnerability management activities.
• Perform technical and security reviews of infrastructure environments to identify potential weaknesses and recommend mitigation strategies.
• Stay informed on emerging threats and vulnerabilities, providing recommendations to improve the organization's defenses.
• Collaborate with the Vulnerability Management Service Lead, ZICC VM Infrastructure Security Manager, and other internal stakeholders to align on best practices and support key initiatives.
• Help ensure compliance with regulatory requirements and corporate policies related to infrastructure security.

• 100%

Organizational Relationships

• This role will work closely with the Vulnerability Management Service Lead, the ZICC VM Infrastructure Security Manager, and the onshore vulnerability management team to support the execution of infrastructure security initiatives.
• Collaborate with Infrastructure Operations, Cloud Engineering, and Network Administration teams to address vulnerabilities and deliver remediation guidance.
• Engage with infrastructure owners within the Zoetis Tech & Digital (ZTD) organization to support vulnerability management activities and address security risks.

Education and Experience

Education:

• University Degree in Computer Science or Information Systems is required
• MS or advanced identity courses or other applicable certifications are desirable, including:
• Certified Information Systems Security Professional (CISSP)
• Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred

Experience:

• A minimum of 6+ years of relevant experience with a strong background in vulnerability management and security engineering
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health
• Experience working with global teams across multiple time zones
• Demonstrated ability to work within diverse technical teams

Technical Skills Requirements

• Proficiency with vulnerability scanning and management tools (e.g., Tenable, CrowdStrike, BitSight, Shodan, Nucleus)
• Strong understanding of vulnerability management frameworks and prioritization methodologies (e.g., CVSS)
• Basic scripting or automation skills (e.g., Python, PowerShell, or Bash) to support process automation
• Familiarity with cloud platforms like AWS and Azure, including their security features and best practices
• Strong knowledge of infrastructure security principles, system hardening, and vulnerability remediation processes
• Experience in analyzing vulnerability data, correlating with threat intelligence, and providing actionable insights
• Knowledge of network security concepts, including firewalls, intrusion detection/prevention systems, and secure network architecture
• Familiarity with security compliance frameworks and standards such as NIST, ISO 27001, or CIS
• Excellent analytical skills for identifying trends, root causes, and systemic weaknesses in vulnerability data
• Strong verbal and written communication skills for creating clear reports and collaborating with technical and non-technical stakeholders

Physical Position Requirements

Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)

• Full Time