Compunnel
We are seeking an experienced Vulnerability Subject Matter Expert (SME) to support our Infrastructure & Operations (I&O) team. The ideal candidate will have over 10+ years of experience in vulnerability management, documentation, and reporting, with hands-on technical expertise. In this role, you will be responsible for reviewing vulnerability reports, assessing proposed remediation strategies, and providing guidance to teams for the effective remediation and mitigation of vulnerabilities within the organization's systems and networks. Key Responsibilities: Vulnerability Management & Remediation: Review vulnerability reports regularly, assess the risk of vulnerabilities within the organization's infrastructure, and propose actionable remediation plans. Provide subject matter expertise to technical teams on remediation and mitigation techniques for identified vulnerabilities. Monitor vulnerability remediation progress and ensure the implementation of fixes in a timely manner, tracking against key performance indicators (KPIs). Evaluate the impact of proposed remediation strategies, ensuring minimal disruption to business operations while mitigating risks. Documentation & Reporting: Maintain up-to-date and accurate documentation on vulnerability assessments, remediation efforts, and risk mitigation strategies. Develop and present comprehensive vulnerability assessment reports for both technical and non-technical stakeholders. Submit regular change requests, plans of action, and status updates on vulnerability remediation efforts. Ensure proper documentation for audit purposes and compliance with internal and external standards. Research & Analysis: Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and industry best practices. Research emerging vulnerabilities and collaborate with both internal and external teams to share knowledge and insights on new threats and mitigation strategies. Provide clear guidance and technical instructions for remediating or mitigating identified vulnerabilities. Conduct root cause analysis on recurring vulnerabilities and recommend long-term strategies to prevent future occurrences. Collaboration & Stakeholder Engagement: Collaborate with IT, security, and other cross-functional teams to ensure vulnerabilities are properly remediated. Advise senior leadership on risk status and provide recommendations for improving the overall security posture. Communicate effectively with both technical teams and business units to translate complex security issues into actionable insights and recommendations. Required Qualifications: Experience: 10+ years in vulnerability management, cybersecurity, or related fields, with a focus on vulnerability remediation and mitigation strategies. Technical expertise: Extensive hands-on experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7, etc.), network security, and incident response. Knowledge of security frameworks and industry standards (e.g., NIST, CIS, OWASP Top 10). Strong proficiency in documentation and reporting, with the ability to communicate technical details effectively to both technical and non-technical stakeholders. Proven experience in researching, analyzing, and addressing emerging cybersecurity threats and vulnerabilities. Ability to lead, coordinate, and provide guidance to cross-functional teams in identifying and mitigating security risks. Preferred Qualifications: Certifications such as CISSP, CISM, CISA, CEH, or similar credentials. Experience with cloud security (AWS, Azure, Google Cloud) and understanding of cloud-specific vulnerabilities. Strong understanding of networking protocols, operating systems, and security tools. Experience in risk management, business continuity, and disaster recovery planning. Skills: Expertise in vulnerability remediation and cybersecurity best practices. Strong analytical and problem-solving skills to assess vulnerabilities and recommend mitigation strategies. Excellent communication skills, including the ability to convey complex security issues to non-technical stakeholders. Proficiency in security tools and vulnerability scanning platforms. Strong organizational and project management skills to track progress and ensure deadlines are met. The role involves remote or hybrid work, depending on the company's policies. Flexibility with the working hours is possible due to the global nature of security threats. On-call availability may be required for urgent security vulnerabilities or incidents. #J-18808-Ljbffr