Analyst, Cyber Security - Vulnerability Management

About This Opportunity

We are seeking a Cybersecurity Analyst (Vulnerability Management) to join our Cybersecurity team. This key role within the Security Engineering group is responsible for maintaining and strengthening the organization’s security posture.

The analyst leads the end-to-end vulnerability management lifecycle—from scanning and analysis to driving remediation—across our IT, Operational Technology (OT), and Application Security environments. The analyst plays a critical role in embedding security practices into development and infrastructure operations to reduce risk and ensure compliance with regulatory standards.

Responsibilities

• Contribute to and execute the vulnerability management lifecycle across IT and OT environments, including regular scanning, analysis, prioritization, and tracking until closure.
• Support the management, configuration, and tuning of Application Security (AppSec) tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to proactively identify and manage risks in the Software Development Lifecycle (SDLC).
• Utilize and integrate threat intelligence feeds to enrich vulnerability data, allowing for risk-based prioritization focused on actively exploited or highly relevant threats.
• Perform periodic security configuration assessments against servers, network devices, and platforms to identify and remediate configuration drift and hardening deficiencies.
• Coordinate and collaborate with infrastructure teams to ensure timely and effective deployment of patches and updates across all managed assets, ensuring minimal operational impact.
• Partner with DevOps, Infrastructure (Infra), and Cloud teams to embed security as code, ensuring secure configurations and practices are maintained in CI/CD pipelines (DevSecOps).
• Support and track the remediation of security audit and compliance findings related to vulnerabilities, policy violations, and control gaps.
• Assist in the analysis and configuration review of network security controls, including Firewall configurations, to ensure security policies align with risk tolerance.
• Generate detailed and executive-level reports to demonstrate adherence to regulatory and internal security policies and frameworks.
• Create and maintain comprehensive technical documentation for vulnerability management procedures, tool configurations, standard operating procedures (SOPs), and risk treatment plans.

Qualifications

• College diploma and/or degree in Cybersecurity, Computer Science, or a related technical field is required.
• A minimum of one foundational security certification is required, such as CompTIA Security+ or an equivalent credential.
• Relevant vendor or professional certifications such as AZ-500 (Azure Security Engineer), AZ-400 (Azure DevOps Engineer), AZ-104 (Azure Administrator), AZ-204 (Azure Developer), or GIAC certifications are an asset.
• 1–3 years of experience in Vulnerability Management or a related security role is required.
• Experience in OT or a strong understanding of the unique security and availability requirements for securing industrial control systems (ICS) is an asset.
• Knowledge of industry security frameworks and benchmarks, such as NIST, ISO frameworks, SOC 2, and CIS.
• Familiarity with the Microsoft Azure technology stack, including Microsoft Defender for Cloud (MDC), Data Loss Prevention (DLP), Defender for Endpoint/Email, and Azure DevOps with a focus on securing CI/CD pipelines, is preferred.
• Proficient documentation skills for technical procedures and reporting are required.
• Demonstrated ability as a good problem solver, good communicator (both written and verbal), and possessing a strong desire to learn and adapt to complex, evolving technologies is essential.

#LI-JB1

#CBSAS