We are looking for someone with 6 to 7 years experience. Please find below the JD :-
The Team Lead – Vulnerability Management Analyst is responsible for leading a team that identifies, assesses, and manages security vulnerabilities across the organization's IT environment. This role ensures the timely remediation of risks and maintains the overall health and security posture of the enterprise systems.
Key Responsibilities
🔹 Leadership & Team Management
- Lead and mentor a team of vulnerability management analysts.
- Assign and prioritize tasks for vulnerability assessments and remediation tracking.
- Provide technical guidance and career development support to team members.
- Foster collaboration with cross-functional teams including IT, security operations, DevOps, and application teams.
🔹 Vulnerability Identification & Assessment
- Oversee regular vulnerability scans using tools like Tenable, Qualys, Rapid7, or Nexpose.
- Analyze vulnerability scan results to determine severity, risk, and impact.
- Ensure all assets in scope are continuously scanned and monitored for vulnerabilities.
🔹 Vulnerability Remediation Coordination
- Coordinate with system and application owners for timely remediation of identified vulnerabilities.
- Track remediation progress and escalate overdue or critical risks.
- Support the development of mitigation strategies when patches are not immediately available.
🔹 Risk Management & Reporting
- Prioritize vulnerabilities based on risk (CVSS, threat intelligence, asset value, exploitability).
- Produce detailed reports and dashboards for leadership, including KPIs and compliance metrics.
- Communicate risks clearly to both technical and non-technical stakeholders.
🔹 Tool Management & Automation
- Administer and fine-tune vulnerability scanning tools.
- Evaluate and implement new tools and technologies to improve VM efficiency.
- Automate scanning, ticketing, and reporting processes where possible.
🔹 Policy & Compliance Support
- Ensure adherence to internal security policies, industry regulations (e.g., PCI-DSS, ISO 27001, NIST).
- Participate in audits and provide documentation or evidence of vulnerability management practices.
🔹 Threat Intelligence Integration
- Integrate threat intelligence to contextualize and prioritize vulnerabilities.
- Stay updated on zero-day vulnerabilities, vendor advisories, and current exploit trends.
🔹 Incident Response Support
- Assist in incident investigations related to exploited vulnerabilities.
- Provide root cause analysis and support post-incident remediation.
Required Skills & Qualifications
- Deep understanding of vulnerability management processes, tools, and lifecycle.
- Strong leadership and interpersonal skills.
- Experience with vulnerability scanners and asset management tools.
- Knowledge of operating systems, networking, applications, and cloud infrastructure.
- Familiarity with frameworks such as CVSS, MITRE ATT&CK, NIST, CIS Controls.
- Excellent communication, report writing, and analytical skills.