Vulnerability Management Analyst

Vintti is a staffing agency that acts as an economic enabler. By connecting US-based SMBs, startups, and firms with top-tier Latin American talent, we drive growth on both sides of the equation. For US businesses, we offer access to a pool of highly skilled professionals at competitive rates, allowing for increased efficiency and scalability. For Latin American workers, we provide opportunities to engage with the US market, fostering professional development and economic advancement. Vintti stands at the intersection of global talent and American enterprise, facilitating partnerships that stimulate economic prosperity across borders.

A Vulnerability Management Analyst plays a critical role in safeguarding an organization's digital assets by identifying and mitigating security risks. This role involves conducting regular vulnerability assessments, analyzing security threats, and implementing corrective measures to protect against potential exploits. The analyst collaborates with IT and cybersecurity teams to ensure systems are updated and secure, utilizing various tools and methodologies to detect weaknesses. By continuously monitoring the security landscape, a Vulnerability Management Analyst helps to maintain the integrity, confidentiality, and availability of sensitive information, ultimately supporting the organization's overall cybersecurity posture.

- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 3-5 years of experience in vulnerability management or a similar role.
- Strong understanding of operating systems, networking, and application security.
- Proficiency in using vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7).
- Experience conducting and analyzing results from penetration tests.
- Knowledge of common security frameworks and standards (e.g., NIST, ISO, CIS).
- Familiarity with security incident response processes and methodologies.
- Ability to interpret and communicate technical vulnerability data to non-technical stakeholders.
- Excellent problem-solving skills and attention to detail.
- Strong organizational and project management skills.
- Effective verbal and written communication skills.
- Ability to work collaboratively with cross-functional teams.
- Familiarity with secure coding practices and application security testing.
- Understanding of threat intelligence and patch management processes.
- Relevant security certifications (e.g., CISSP, CEH, OSCP) preferred.
- Experience with automated security testing tools and continuous integration/continuous deployment (CI/CD) pipelines is a plus.
- Proven ability to stay current with evolving threat landscapes and security technologies.
- Self-motivated with a strong desire for continuous learning and improvement.

- Identify and assess vulnerabilities in systems, networks, and applications.
- Perform regular vulnerability scans and penetration tests.
- Analyze and report on vulnerability data, detailing findings, impact, and mitigation steps.
- Manage and oversee the remediation process for identified vulnerabilities.
- Monitor security feeds and threat intelligence for new vulnerabilities and patches.
- Collaborate with IT, security, development, and operations teams to integrate vulnerability management.
- Track and prioritize vulnerabilities based on organizational risk.
- Verify remediations' effectiveness through follow-up scans and tests.
- Maintain and update vulnerability management tools and systems.
- Develop and implement vulnerability management policies, standards, and procedures.
- Communicate status and risk posture of vulnerabilities to stakeholders and management.
- Participate in security incident response activities related to vulnerabilities.
- Provide training and technical guidance on vulnerability management to teams.
- Stay current with industry trends, security advisories, and emerging threats.
- Assist in audit and compliance activities by providing documentation of efforts.
- Conduct root cause analysis for vulnerabilities to prevent recurrence.

The ideal candidate for the Vulnerability Management Analyst role is a highly analytical individual with a Bachelor's degree in Computer Science, Information Security, or a related field, coupled with 3-5 years of hands-on experience in vulnerability management or a similar role. They possess a strong technical aptitude, demonstrated through their proficiency with vulnerability scanning tools such as Nessus, Qualys, and Rapid7, as well as their experience in conducting and analyzing results from penetration tests. This person is well-versed in operating systems, networking, and application security, and has a thorough understanding of security frameworks and standards like NIST, ISO, and CIS. Their ability to interpret complex technical vulnerability data and communicate it effectively to non-technical stakeholders is essential, ensuring that risks are understood and addressed appropriately. The ideal candidate is proactive, keeping up to date with the latest security trends and threats, and demonstrates strong organizational and project management skills to handle multiple tasks efficiently. They are collaborative, working seamlessly with IT, security, development, and operations teams, and possess excellent problem-solving skills and attention to detail to develop and implement effective remediation strategies. Additionally, they hold relevant security certifications like CISSP, CEH, or OSCP, and show a commitment to continuous learning and improvement in the cybersecurity field. With a high level of integrity, they are dedicated to maintaining confidentiality and security, while their adaptability and agility enable them to thrive in a dynamic and evolving security landscape.

- Identify and assess vulnerabilities in systems, networks, and applications using automated tools and manual techniques.
- Manage and respond to vulnerability findings, working with IT and security teams to ensure timely remediation.
- Coordinate and perform regular vulnerability scans and penetration tests.
- Analyze vulnerability data and create reports detailing findings, impact, and mitigation steps.
- Monitor security feeds and threat intelligence sources for new vulnerabilities and patches.
- Collaborate with development and operations teams to integrate security best practices into the software development lifecycle.
- Track and prioritize vulnerabilities based on risk to the organization.
- Verify the effectiveness of remediations through follow-up scans and tests.
- Maintain and update vulnerability management tools and systems.
- Develop and implement policies, standards, and procedures related to vulnerability management.
- Communicate vulnerability status and risk posture to stakeholders and management through regular updates and presentations.
- Participate in security incident response activities as needed, particularly those related to discovered vulnerabilities.
- Provide training and technical guidance on vulnerability management and secure coding practices to other teams.
- Stay current with industry trends, security advisories, and emerging threats to continually improve vulnerability management processes.
- Assist in audit and compliance activities, providing evidence and documentation of vulnerability management efforts.
- Conduct root cause analysis for security incidents and vulnerabilities to prevent recurrence.

- Analytical mindset with a keen eye for identifying and addressing vulnerabilities.
- Strong technical aptitude and hands-on experience with various security tools and technologies.
- Proactive in staying current with the latest security trends and threats.
- Excellent communication skills to effectively convey complex technical issues to diverse audiences.
- Detail-oriented approach to ensure thorough assessment and documentation of vulnerabilities.
- Collaborative team player capable of working across various departments and teams.
- Strong problem-solving skills to develop effective remediation strategies.
- High level of integrity and a commitment to maintaining confidentiality and security.
- Self-motivated and driven to continually improve security processes and practices.
- Strong organizational skills to manage multiple tasks and projects simultaneously.
- Agile and adaptable to changing priorities and evolving security landscapes.
- Ability to think critically and creatively to anticipate potential security issues.
- Passion for cybersecurity and a dedication to protecting organizational assets.

- Competitive salary range based on experience and qualifications.
- Comprehensive health, dental, and vision insurance plans.
- 401(k) retirement plan with company matching contributions.
- Paid time off (PTO) including vacation days, holidays, and sick leave.
- Flexible working hours and remote work options.
- Professional development opportunities, including training programs, certifications, and conferences.
- Tuition reimbursement for continuing education.
- Employee wellness programs and resources.
- Life and disability insurance coverage.
- Employee assistance program (EAP) for mental health and counseling services.
- Technology and home office stipends.
- Opportunities for career advancement within the organization.
- Diverse and inclusive work environment.
- Regular team-building activities and company events.
- Performance-based bonuses and incentives.
- Access to the latest security tools and technologies.
- Supportive and collaborative work culture.