Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
249 views3 pages

Job Description - Vulnerability Management Analyst

This job description is for a Vulnerability Management Analyst position. The role leads the Vulnerability Management team and is responsible for vulnerability discovery, classification, remediation, and verification to reduce threats. Key responsibilities include developing monitoring strategies, guiding the vulnerability management plan, reporting on metrics and risks, analyzing scan results, and collaborating across teams on remediation. The ideal candidate has 5+ years of experience in vulnerability management and a technical background including operating systems, databases, and applications.

Uploaded by

Maher Ayari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
249 views3 pages

Job Description - Vulnerability Management Analyst

This job description is for a Vulnerability Management Analyst position. The role leads the Vulnerability Management team and is responsible for vulnerability discovery, classification, remediation, and verification to reduce threats. Key responsibilities include developing monitoring strategies, guiding the vulnerability management plan, reporting on metrics and risks, analyzing scan results, and collaborating across teams on remediation. The ideal candidate has 5+ years of experience in vulnerability management and a technical background including operating systems, databases, and applications.

Uploaded by

Maher Ayari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

V03-21-JD

Job Description

Title: Vulnerability Management Analyst


Code: HOR-IT-3

Description

Cybersecurity is at the beating heart of our business. We’ve made it our priority to create exemplary
security operations teams, poised to defend us against any potential cyber threats.

This position leads the Vulnerability Management team under the direction of the Infrastructure Manager.
This position is critical to the success of the organization by providing high confidence in understanding the
attack surface of ODDO BHF 's infrastructure.

Through this, mature and detailed capabilities are in place to move from discovery, to classification, to
remediation, to verification of any vulnerability or configuration-based gaps. Reducing the threat footprint to
our organization is a key critical operational objective which sits squarely on the shoulders of this position.

This person will have direct responsibility the plan, build, and run of the Vulnerability Management function.
Furthermore, this position will be directly responsible for operational aspects as they work between teams
to ensure remediation with our partners in operations.
Finally, he will be accountable to the Cybersecurity and Executive Leadership team in the reporting and
escalations of threats as they are posed to our infrastructure components.

Key Responsibilities:

 Create advanced monitoring strategies for monitoring and reporting health of Active Directory
components.
 Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support
activities in the areas of the VM program, security patch and remediation management.
 Provide input, help prepare and update VM roadmap, develop, maintain, and publish project plans
and operation schedules.
 Provide status reports to CISO and IS Manager related to VM metrics, key risk indicators, trending,
and compliance reports to the CISO, IS Manager, and other management.
 Propose VM concepts/solutions, prepare presentations, and coordinate vendor demonstrations.
 Create and maintain SOPs for the VM program, provide technical knowledge to operations and
production support teams.
 Maintain configuration control of VM hardware, systems, and application software, Coordinate
upgrades and other maintenance activities on VM tools.
 Analyze assessment results and threat feeds to properly react to security weaknesses or
vulnerabilities.
 Prepare and maintain technical documentation of VM program including requirements, architecture
designs, network topology, applications and application security designs.
 Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results,
patching, and remediation activities related to workstations, servers, storage, databases,
appliances, web applications and network devices
 Collaborate on Information Security policies, standards, and baselines and contribute efforts to
measure compliance
 Collaborate on and provide VM results and metrics for consistent reporting for governance
purposes; collaborate and coordinate remediation plans and activities

V03-21-JD Page 1 / 3 28/11/2021


 Help develop a long term VM strategy (3-5 years) that will address global information security
needs (current state, gaps and opportunities).
 Responsibilities: Daily assessment of vulnerabilities identified by infrastructure scan
 Evaluate, rate and perform risk assessments on assets
 Prioritizing vulnerabilities discovered along with remediation timeline(s)
 Send and receive notifications to the SMEs of vulnerabilities within the environment
 Interaction with multiple global teams (security architecture, penetration testing, application
development, Risk Officers, etc).
 Maintain knowledge of the threat landscape.
 Provide reporting and analysis and follow up.
 Provide vulnerability analysis and produce reports for management.
 Participate collecting, assessing, and cataloging threat indicators.
 Experience with vulnerability and patch assessment.
 Good understanding of Windows and Linux patching.
 Knowledge of vulnerability scoring systems (CVSS/CMSS).
 Experience on vulnerability scanning tools.
 Ability to learn new technologies.
 Excellent writing and presentation skills are required in order to communicate findings and status.
 Cleary communicate priorities and escalation points/procedures to other team members.
 Detail oriented, organized, methodical, follow up skills with an analytical thought process
 Experience in defining endpoint, network device & server hardening best practices.
 Ensure the Vulnerability and Obsolesence Management for IT Infrastructure
 Implementation of the Lifecycle process for IT infrastructure
 Setting the roadmap for the Windows, Linux, Databases and Middleware systems.
 Ensuring the interaction between Vulnerabilty and Obsolesence Management.
 Coordination of the planning for the identified measures with the stakeholders.
 Controlling of the different actions and projects planned and worked upon.
 Communication and reporting about the process, the actions and their status.
 Conduct Vulnerability assessment internal and external facing environment as per organization
requirement.
 Update process and procedure document to enable effective Vulnerability management program.
 Supporting the incident response and architecture review processes whenever security expertise is
needed.
 Ensure the governance of Threat and vulnerability management program.

Professional / personal requirements:

 Able to communicate in groups with confidence and conviction.


 Ability to document processes and procedures in a clear, concise and logical manner.
 Candidates must be able to explain all vulnerabilities and weakness.
 Strong team player that collaborates well with others to solve problems and actively incorporate
input from various sources.
 Excellent analytical / problem solving skills as well as excellent interpersonal with fluent verbal and
written communication skills in English.
 German language skills are an advantage.

Formal Education

 Bachelor’s degree in computer engineering preferred.


 Manufacturer’s certification are a plus.
 Minimum of 5+ years of progressive infrastructure and cyber security experience; preferably within
a large global organization. Exposure to any two security areas is mandatory– Infrastructure
security, cloud/virtualization security and mobile security.
 Having business acumen, communication skills, and process-oriented thinking

V03-21-JD Page 2 / 3 28/11/2021


Required

 Bachelor’s degree from an accredited institution


 5+ years’ experience in a vulnerability management role
 Good understanding and experience in Policy Scan and Vulnerability Assessment Scans
(Infrastructure and Application)
 5+ years’ technical working experience/knowledge of operating systems, databases, web
applications, mobile devices, middleware, and other computing devices/software components

Desire

 Working knowledge of Information Security best practices, policies, standards, and baselines,
including industry standards and guidelines from ISO 27001/27002.
 Certified Information Systems Security Professional (CISSP )

Location City/State:

Immeuble Sandra Towers" Avenue du Lac Nord - Cité Les Pins 1053 Les Berges du Lac - Tunis

V03-21-JD Page 3 / 3 28/11/2021

You might also like