Vulnerability Analyst

Job Title: CVE Operations Analyst Role Overview: The VM Analyst will be accountable for BAU vulnerability work inclusive of triaging, case management, and SLA tracking. The VM Analyst will need to familiarize themselves with the firm's scanning tools, processes, and VM Procedure, triaging vulnerabilities, communicating status, guiding system owners in remediation, updating cases, reviewing system owner comments and requests. The VM Analyst will also be required to develop deep operational expertise of the VM platform/s to mature and improve the platform determine possible future automation needs and work with the dev team to fix bugs, test fixes in QA, and streamline the processes via the platform. These resources must also be able to explain and present the VM process and tool usage to system owners and provide basic guidance around VM Reporting and metrics. These resources should be specifically prepared for zero-day response and bypass of normal patch SLAS — the response window compresses to mere hours inclusive of Weekend and Holiday times. These resources will be expected to be part of the on-call schedule representative of their time zones and ensure appropriate follow-the-sun hand-off of an active incident. Required Qualifications 5+ years of experience in vulnerability, technology security operations, or related SRE functions. Vulnerability management knowledge • CVSS / EPSS / exploitability • OS/app patching ecosystems • cloud vs on-prem differences • scripting / automation • threat intel integration Additional Skills: • Strong analytical and problem-solving mindset • Basic understanding of SDLC, IT Asset Management, cloud computing, and third-party software supply chains • Ability to communicate effectively across technical and non-technical audiences • Experience managing competing priorities in fast-paced environments • Self-starter with ability to drive initiatives independently • Basic understanding of emerging LLM/Al technologies Ability to document user-stories and/or bugs •(Bonus) Prior experience with commercial off the shelf Vulnerability Management scanning tooling (or adjacent Observability Management or Endpoint Security tools) • (Bonus) Experience with Spunk and/or Grafana