Security Analyst - Vulnerability Management

Job Description

Vulnerability Scanning & Analysis: Conduct daily operational activities in Rapid7 InsightVM, including initiating and reviewing vulnerability scans. Add or remove assets from scan scopes as per infrastructure changes or business requirements. Analyze vulnerability data and prioritize findings based on severity, exploitability, and business impact. False Positive detection analysis. Risk Management & Remediation: Collaborate with IT and business stakeholders to drive timely patching and remediation of identified vulnerabilities. Track and follow up on remediation progress; escalate delays as necessary. Support documentation and processing of risk acceptances , including impact assessments and stakeholder sign-offs. Stakeholder Engagement: Coordinate and communicate with application owners, system administrators, and other stakeholders for scan scheduling, scope adjustments, and remediation actions. Provide regular reports and dashboards to management and technical teams highlighting vulnerability trends, exceptions, and compliance status. Patch Management Support: Work closely with patch management teams to align scan results with patch deployment cycles. Validate effectiveness of applied patches and update system records accordingly. Documentation & Continuous Improvement: Maintain accurate records of vulnerability management activities, scan scopes, and risk acceptances. Assist in improving scanning coverage, tuning scan configurations, and refining asset groups. Qualifications 3 5 years of hands-on experience in a vulnerability management or security operations role. Strong working knowledge of Rapid7 InsightVM or similar vulnerability management platforms. Familiarity with patch management processes and tools. Experience conducting PCI DSS compliance scans , including asset scope definition, remediation tracking, and validation reporting. Understanding of risk management concepts and experience handling risk acceptances. Proficient in analyzing vulnerability reports, identifying root causes, and recommending mitigation strategies. Sound understanding of network, operating systems (Windows/Linux), and application security fundamentals. Solid grasp of compliance requirements including PCI DSS , CIS benchmarks , and vulnerability SLAs . Experience with the Service-Now Vulnerability Response module is an added advantage. Strong communication and stakeholder management skills. Good understanding of network and system security fundamentals.