The Associate Vulnerability Assessment Specialist is an entry level role, responsible for assisting in identifying, assessing, and mitigating vulnerabilities within the company's systems and infrastructure. This role works closely with more senior team members within the vulnerability management team to conduct assessments, analyze findings, and recommend remediation actions.
Job Responsibility:
Conducts vulnerability scans using automated tools and assists in manual assessments to identify vulnerabilities in systems, networks, applications, and infrastructure components
Analyzes scan results and determines the severity and potential impact of identified vulnerabilities
Assists in evaluating the potential risks associated with identified vulnerabilities
Analyzes the context, potential attack vectors, and business impact to prioritize vulnerabilities based on risk severity and exploitability
Collaborates with system owners, administrators, and IT teams to provide guidance on vulnerability remediation
Recommends mitigation measures, configuration changes, and patches to address identified vulnerabilities
Tracks and verifies the closure of remediation actions
Assists in preparing vulnerability assessment reports, documenting assessment findings, and recommending risk mitigation strategies
Maintains accurate records of vulnerability assessments, tracking progress, and maintaining vulnerability databases
Utilizes vulnerability assessment tools and technologies to conduct scans, analyze results, and assist in identifying emerging threats
Stays updated with the latest vulnerabilities, exploits, and security trends to enhance assessment methodologies
Works closely with cross-functional teams, including IT operations, development teams, and security stakeholders, to communicate vulnerability findings, mitigation strategies, and remediation progress
Provides guidance and assistance to ensure a coordinated response to vulnerabilities
Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene to promote a culture of security awareness
Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools
Identifies areas for improvement and recommends solutions to enhance efficiency and effectiveness in vulnerability management practices
Performs any other task as required
Requirements:
Bachelor's degree or equivalent in Computer Science, Information Security, or a related field
Entry level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts
Entry level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review
Familiarity with vulnerability assessment methodologies, tools, and industry best practices
Basic understanding of networking concepts, operating systems, and common software vulnerabilities
Knowledge of vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools
Understanding of risk analysis principles and the ability to assess the business impact of vulnerabilities
Familiarity with vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases
Good analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend remediation actions
Good communication skills, both written and verbal, to effectively communicate technical concepts to non-technical stakeholders
Ability to collaborate and work effectively in cross-functional teams
Familiarity with security frameworks and standards, such as NIST, ISO 27001, or CIS Controls, is advantageous
Nice to have:
Relevant certifications, such as Certified Ethical Hacker (CEH), CompTIA Security+, or GIAC Certified Penetration Tester (GPEN), are beneficial but not required