Vulnerability Management Analyst @ Locuz

Role & responsibilities

Key Responsibilities:

• Vulnerability Assessment & Analysis
  • Review results from internal and external vulnerability scans, penetration tests, red team exercises, and threat intelligence sources.
  • Correlate and analyze findings to identify trends, critical risks, and potential impact.
• Remediation & Mitigation Coordination
  • Prioritize vulnerabilities based on risk, business impact, and exploitability.
  • Coordinate remediation efforts across cross-functional teams and track progress to closure.
• Process Operationalization
  • Collaborate with peers to implement and enhance defined vulnerability management workflows and standard operating procedures (SOPs).
  • Continuously improve vulnerability lifecycle processes in line with industry best practices.
• Patch & Configuration Management
  • Ensure timely patching of systems and applications.
  • Enforce secure baseline configurations for operating systems and software across environments.
• Policy & Governance Support
  • Contribute to the creation, review, and implementation of security policies, standards, and guidelines.
  • Support compliance efforts as part of the organizations ISMS (Information Security Management System).
• Threat Monitoring & Intelligence
  • Stay updated on emerging vulnerabilities, exploits, and threat actor tactics.
  • Recommend proactive security enhancements based on evolving threat landscapes.
• Documentation & Knowledge Sharing
  • Develop technical documentation, SOPs, and runbooks to support vulnerability management operations and audits.
• Cross-Team Collaboration
  • Partner with other InfoSec teams (e.g., SOC, GRC, Cloud Security) to drive aligned and efficient security operations.

Qualifications:

• Bachelors degree in Information Security, Information Technology, Computer Science, or a related field.
• 1 to 5 years of hands-on experience in Threat and Vulnerability Management.
• Proficiency with industry-standard VAPT tools
• Experience working with cloud security tools and platforms (AWS, Azure, GCP).
• Strong analytical, problem-solving, and communication skills.
• Willingness to work flexible or late shifts, as required.