sq1 security

VAPT Lead

  • Posted 23 hours ago

Job Description

Looking for a Senior Security Analyst with 5-6 years of experience to lead our Vulnerability Management operations. The ideal candidate will be responsible for the continuous scanning, identification, and analysis of vulnerabilities across server infrastructure and end-user computing (laptops/desktops). This role requires a strong communicator who can interface directly with clients to drive remediation efforts, explain risk impact, and ensure the security posture of the organization is maintained using industry-standard tools like Tenable Nessus and Qualys.

Key Responsibilities:

Vulnerability Assessment: Conduct scheduled and ad-hoc vulnerability scans on Server farms (Windows/Linux) and Laptops/Endpoints using Tenable Nessus and Qualys.

Analysis & Prioritization: Analyze scan results to identify false positives and prioritize vulnerabilities based on CVSS scores, threat intelligence, and business criticality.

Client Coordination: Act as the primary point of contact for clients/system owners. Explain the technical how-to of fixing vulnerabilities and negotiate downtime for patching windows.

Remediation Management: Track the lifecycle of open vulnerabilities from discovery to closure. Collaborate with IT and Patch Management teams to ensure SLAs are met.

Reporting: Prepare detailed technical reports for engineering teams and high-level executive dashboards for client management, highlighting risk trends and remediation progress.

Configuration Review: Perform configuration compliance scanning (CIS Benchmarks) for servers and laptops to ensure hardening standards are met.

Required Skills/Technologies/Tools

Core Tools: Deep expertise in Tenable Nessus (Tenable.sc / Tenable.io) and Qualys VM.

Operating Systems: Strong administration knowledge of Windows Server (Active Directory, Registry, Group Policy) and Linux (RHEL/Ubuntu/CentOS) to understand patch application.

Validation Tools: Familiarity with Nmap, Burp Suite (for basic web validation), and Metasploit (for verifying exploitability).

Scripting: Basic proficiency in Python, Bash, or PowerShell to automate scan data processing or reporting.

Soft Skills: Excellent verbal communication for client stakeholder management.

Good to have Technologies/Tools

Cloud Security: Experience with AWS or Azure native security tools (Inspector, Defender for Cloud).

Job ID: 147328197