SOC Analyst - Vulnerability Management

We are seeking a skilled and detail-oriented Cybersecurity Risk & Vulnerability Engineer to lead efforts in asset inventory management, vulnerability scanning, risk assessment, and remediation coordination. The ideal candidate will have hands-on experience with industry-standard tools and frameworks, and a strong understanding of cybersecurity principles across infrastructure and applications.

Key Responsibilities :

1. Asset & Inventory Assessment

Maintain a complete and accurate inventory of digital assets including servers, endpoints, cloud workloads, applications, and network devices.

Utilize CMDBs and automated asset discovery tools for real-time visibility.

Classify assets based on criticality, lifecycle, and ownership.

Map vulnerabilities to asset importance for risk-based prioritization.

2. Vulnerability Scanning

Operate and manage vulnerability scanning platforms (e.g., Qualys).

Schedule, execute, and validate scans across various environments.

Analyze scan results, eliminate false positives, and ensure full coverage.

Integrate scanners with ticketing systems and reporting dashboards.

3. Risk Assessment

Evaluate vulnerabilities using CVSS scores, exploitability, exposure, and business impact.

Identify weak points and assess real-world risk scenarios.

Prepare and present risk reports to security leadership and technical teams.

Apply knowledge of security standards and frameworks (CIS, NIST, ISO 27001, MITRE ATT&CK).

4. Remediation & Mitigation

Coordinate remediation efforts with infrastructure, application, and business teams.

Recommend secure configurations, patching strategies, and compensating controls.

Track remediation SLAs and ensure accountability.

Design and manage mitigation roadmaps to close critical vulnerabilities within defined timelines.

Required Skills & Qualifications :

Proven experience in cybersecurity engineering, vulnerability management, or risk analysis.

Hands-on expertise with tools like Qualys, Tenable, or Rapid7.

Familiarity with CMDBs and asset discovery platforms.

Strong analytical and communication skills.

Knowledge of regulatory and compliance standards.

Relevant certifications (e.g., CEH, CISSP, Security+, or equivalent) preferred.