TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers compensation insurance.
TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients business success with extraordinary HR.
JOB SUMMARY
The Staff Vulnerability Management Analyst is a key member of the Global Security Cyber Defense team responsible for identifying, analyzing, and driving the remediation of vulnerabilities across enterprise systems, applications, and cloud environments. Based in Hyderabad, India, this role plays a critical part in protecting the organizations digital assets by ensuring vulnerabilities are promptly addressed and risk is effectively communicated to stakeholders.
Essential Duties/Responsibilites
- Lead the execution of the enterprise Vulnerability Management Program, including the design, scheduling, and tuning of automated vulnerability scans across endpoints, servers, cloud assets, and container environments.
- Ensure the health and performance of scanning tools and infrastructure, including asset discovery, credentialed scanning, and optimization of scan coverage.
- Analyze scan data to identify true positive vulnerabilities, eliminate false positives, and work with asset owners to ensure timely and effective remediation.
- Conduct regular assessments of container images, infrastructure-as-code (IaC), and cloud-native platforms to identify misconfigurations and known vulnerabilities.
- Collaborate with cross-functional teams, including Cyber Defense, Security Architecture, Security Engineering, Application Security, Risk, Engineering, and Technology to coordinate remediation activities and provide technical guidance on mitigating identified risks.
- Support continuous improvement by tracking and reporting remediation SLAs, scan coverage metrics, and program KPIs, while partnering with system owners to ensure timely compliance with remediation timelines.
- Design and deliver actionable dashboards and executive-level reports to drive data-informed remediation decisions and communicate risk posture effectively.
- Stay current on emerging threats, vulnerability disclosures (CVEs), and industry benchmarks such as CIS, NIST, and OWASP.
- Act as a backup resource to the Cyber Defense team, assisting in threat hunting, incident response, and vulnerability-related investigations.
- Performs other duties as assigned
- Complies with all policies and standards
QUALIFICATIONS
Education
Work Experience
- Typically 5+ years experience in vulnerability management or a related cybersecurity domain.
Licenses and Certifications
- CISSP - Certified Information Systems Security Professional
- CISM - Certified Information Security Manager
- GIAC Certified Incident Handler (GCIH)
- CEH: Certified Ethical Hacker
- CISA - Certified Information Systems Auditor
Knowledge, Skills and Abilities:
- Hands-on experience with vulnerability scanning platforms such as Microsoft Defender Vulnerability Management, Tenable, Qualys, Rapid7, or similar.
- Experience working in ServiceNow Vulnerability Management suite is preferred.
- Experience with security orchestration and automation tools (e.g., Microsoft Sentinel, Logic Apps, ServiceNow SecOps, Splunk SOAR) is a plus, particularly within Microsoft Defender environments.
- Solid understanding of common operating systems (Linux, Windows), networking, cloud platforms (AWS, Azure, GCP, Oracle), and container technologies (Docker, Kubernetes).
- Expertise in security tools and technologies (e.g., SIEM, intrusion detection systems, firewalls) and the ability to analyze and interpret security data to identify vulnerabilities and threats.
- Strong understanding of cybersecurity principles, frameworks, and best practices, including risk management, incident response, and regulatory compliance (e.g., NIST, ISO 27001, NIST 800-53, PCI-DSS).
- Familiarity with vulnerability prioritization methodologies (e.g., CVSS, EPSS, threat intelligence enrichment) is a plus.
- Strong analytical and troubleshooting skills with the ability to interpret complex data sets, convey technical findings to both technical and non-technical audiences, and contextualize vulnerabilities in terms of business impact and operational risk.
- Experience building and presenting vulnerability management reports at a leadership level is preferred.
- Experience in creating technical documentation, runbooks, playbooks, and training materials for vulnerability management.
- Excellent communication and interpersonal skills.
- Proficient in Microsoft Office Suite.
- Detail-oriented and well organized.
- Self-motivated and capable of working independently within a small, high-performing team that values critical thinking and sound decision-making.
- Contributes to a team culture of inclusion, transparency, and innovation, by actively sharing ideas and taking ownership of impactful work.
- Highly ethical and professional.
Work Environment:
- Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions.
- This position is 100% in office.
