Senior Vulnerability Management Analyst (Cybersecurity)

Senior Vulnerability Management Analyst, Cybersecurity

I. Job SummaryThe Senior Vulnerability Management Analyst will be responsible for overseeing and managing vulnerabilities identified by various platforms, including Tenable, Wiz, Defender for Cloud, and other vulnerability sources. This role involves leading the assessment reported vulnerabilities, triaging and ranking them by risk and other mitigating control factors, and setting a strategic prioritization schedule for remediation. The candidate will collaborate with patching teams to provide expert guidance and ensure timely patching according to company policies. If timely patching is not feasible, the analyst will coordinate risk exception procedures and ensure that tools exclude findings with granted risk exceptions. Additionally, the analyst will stay at the forefront of vulnerability trends and manage Cloud Security Posture Management (CSPM) components to ensure the security of cloud environments. II.

Job CompetenciesTechnical Proficiency:

• Mastery in vulnerability management tools and platforms (e.g., Tenable, Wiz, Defender for Cloud).
• Deep understanding of network, application, and cloud security vulnerabilities.
• Advanced proficiency in scripting and automation for vulnerability management tasks.
• Extensive knowledge of CSPM tools and practices, including continuous security assessments, risk prioritization, compliance monitoring, and configuration management.

Analytical Skills:

• Expertise in assessing and prioritizing vulnerabilities based on risk and mitigating factors.
• Exceptional attention to detail in identifying and addressing security vulnerabilities.

Communication Skills:

• Superior written and verbal communication skills.
• Ability to effectively communicate vulnerability findings and remediation guidance to technical and non-technical stakeholders at all levels.

Problem-Solving Skills:

• Proven ability to troubleshoot and resolve complex security issues.
• Innovative thinking to develop new solutions for vulnerability management.

Team Collaboration:

• Strong leadership skills to work effectively with cross-functional teams.
• Ability to build relationships and collaborate with stakeholders at all levels.

Continuous Learning:

• Commitment to staying current with the latest security trends, vulnerabilities, and technologies.
• Willingness to pursue relevant certifications and training.

III. Essential Job Functions

Independent monitor and manage vulnerabilities across Tenable, Wiz, Defender for Cloud, and other platforms.Lead the assessment of reported vulnerabilities, triage them, and rank them by risk and other mitigating control factors.Set a strategic prioritization schedule for remediation and work with patching teams to ensure timely patching.Proficiency with ticketing tools, raising appropriate patch requests, keeping record of the pending requests, following them up on regular basis and tracking them down till resolution.Manage risk exception procedures and ensure tools exclude findings with granted risk exceptions.Stay at the forefront of vulnerability trends and provide recommendations for improving vulnerability management processes.Manage CSPM components to ensure the security of cloud environments, including continuous security assessments, risk prioritization, compliance monitoring, and configuration management.Detect and address gaps in scan coverage to ensure comprehensive vulnerability assessments.Generate reports and deliver presentations on vulnerability assessments and remediation progress.Mentor and train junior team members, fostering skill development and knowledge-sharing.Contribute to the overall security strategy and engage with executive leadership to enhance security resilience.Collaborate with cross-functional teams to address complex security issues and ensure effective vulnerability management.This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Associates may be required to perform other job related duties as required by their supervisor, subject to reasonable accommodation.

IV. Employment Qualifications

Legally Required License / Certification (Ex: MD, RN, LPN, etc.) ONE CERTIFICATION PER FIELD Ensemble Required License / Certification (Ex: CRCR) ONE CERTIFICATION PER FIELDPreferred Certifications: CISSP, CCSP, CEH, CISM, CISA, GSEC, CompTIA Security+, OSCP, or other relevant certifications.Or other approved job relevant certification.Desired Work ExperienceJob

Experience

People Leadership Experience5 to 7 YearsNADesired EducationEducation LevelPreferred Area of StudyBachelors Degree or Equivalent ExperienceComputer Science, Information Security, or a related field.Other Preferred

Knowledge, Skills and Abilities

• A minimum of 5 years of experience in Information Technology
• A minimum of 3 years of experience in Information Security.
• Experience with vulnerability management tools and platforms.
• Experience in assessing and prioritizing vulnerabilities and managing remediation efforts.
• Experience with CSPM tools and practices.
• Strong understanding of risk management and mitigation strategies.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
• Experience with cloud security and understanding of cloud service provider ecosystems (e.g., AWS, Azure).
• Ability to create and maintain scripts for automation (e.g., PowerShell, Python).
• Excellent problem-solving and analytical skills.
• Strong collaboration and teamwork skills.

IV. Working Conditions

EnvironmentApplicableRequires Long Distance or Air Travel Requires Travel to Various Work Locations by Car General Office Environment or Work From Home Clinical Environment - (Exposure to common hazards present in a healthcare facility including but not limited to; blood and other infectious materials, latex products, physical altercations and verbal abuse, high noise levels, and bright lights)

V. Physical Requirements

Physical DemandTaskFrequencyLifting/ Carrying 50 lbs or lessRarelyLifting/ Carrying 51 lbs or moreNeverPush/ Pull 50 lbs or lessRarelyPush/ Pull 51 lbs or moreNeverStoop, KneelNeverCrawlingNeverClimbingNeverBalanceNeverBendingRarelyManual Dexterity ( Hand / Eye Coordination)FrequentlyPerform Shift WorkNeverRepetitive Hand / Arm Movement Work PositionTaskFrequencySittingFrequentlyWalkingOccasionallyStandingOccasionallyEnsemble Health Partners is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all of our associates.