Information Security Analyst (Vulnerability)

Description

Job Summary: The Vulnerability Management Analyst is responsible for identifying, assessing, and managing vulnerabilities in systems and networks to protect the organization against cyberattacks. Key Highlights: 1. Conduct and automate vulnerability scans across IT infrastructures 2. Develop and implement vulnerability mitigation strategies 3. Stay up to date with the latest security trends and best practices **JOB DESCRIPTION:** The Vulnerability Management Analyst is a professional responsible for identifying, assessing, and managing vulnerabilities in information systems and computer networks. The primary objective is to protect the organization against\-cyberattacks and data breaches, ensuring system security and integrity. **PRIMARY RESPONSIBILITIES:** Conduct and automate vulnerability scans across Engineering and IT infrastructures using advanced tools and standardized methodologies; Analyze scan results, identifying and prioritizing remediation actions for vulnerabilities such as SQL Injection, Cross\-Site Scripting (XSS), authentication flaws, and exposure of sensitive ports; Develop and implement vulnerability mitigation strategies, focusing on preventing common attacks and exposures; Stay\-up to date with the latest security trends, vulnerabilities, and recommended practices, including understanding security frameworks such as OWASP Top 10 and MITRE ATT\&CK Prepare periodic reports on the information security posture, highlighting risk areas and action plans; Collaborate with developers and system administrators to implement secure practices and remediate identified vulnerabilities; Participate in the creation and review of information security policies and procedures, ensuring they are robust and effective; Conduct regular security assessments, including penetration testing, to identify and mitigate potential risks. MINIMUM REQUIREMENTS Practical experience with vulnerability scanning tools, preferably Tenable; Solid knowledge of scripting languages for automation, preferably Python and PowerShell; In-depth understanding of networking and operating systems; Analytical and problem-solving skills; Clear and effective communication, both written and verbal; Ability to collaborate with multidisciplinary teams; Proactivity and autonomy in task management; Ability to prioritize and manage multiple demands. SPECIFIC REQUIREMENTS **Courses and Certifications (preferred):** Certified Ethical Hacker (CEH) CompTIA Security\+ Offensive Security Certified Professional (OSCP) **ACADEMIC QUALIFICATIONS:** Bachelor's degree in Information Technology / Information Security; Specialization in Cyber Security / Cyber Threat Intelligence / Digital Forensics and Cyber Investigation. **LANGUAGE:** Technical English for opening and updating tickets with foreign vendors. **SPECIFIC KNOWLEDGE:** Tenable One **Minimum Education Level:** Bachelor's Degree