Vulnerability Management Analyst II



Apply Now

<< Return to Search Results

Vulnerability Management Analyst II

Charlotte, NC

Brooksource is searching for a highly skilled Vulnerability Management Analyst to join our Healthcare Clients Cyber Organization for a contract to hire opportunity. As a Vulnerability Management Analyst you will analyze security requirements and implement solutions to detect weaknesses in the network and software and takes measures to correct and strengthen the security. Duties include:

  • Operate and maintain a vulnerability management infrastructure capable of performing and supporting credentialed scans, including devices and applications.
  • Develop and optimize toolset and services to provide comprehensive visibility, situational awareness, and response readiness
  • Ensure the vulnerability management capability is fully interoperable and integrated with existing vulnerability management capabilities
  • Perform and support security scans of designated systems to assess the effectiveness of the total system security and make mitigation recommendations to the system owners
  • Engage with stakeholders, to include IT professionals, management, and auditors to provide remediation assistance as appropriate, including developing reporting and guidance
  • Provide subject matter expertise and guidance to the business owners and system stakeholders
  • Reduce vulnerabilities within systems supporting the organizational mission
  • Identify vulnerabilities through various threat feeds, information sharing forums, alerts and other sources
  • Alert and escalate findings to technical POCs, as required, to potential risks presented by vulnerabilities, missing assets, configuration errors, and use of unauthorized software/hardware
  • Draft, maintain and update vulnerability management policies, procedures, and training
  • Review and refine requirements for information security solutions
  • Participate in penetration testing


·      Education: Bachelor's Degree

·      Experience: Minimum three years Vulnerability Management or Cybersecurity Engineering experience



·      Experience with enterprise networks and systems

·      Intermediate experience with enterprise security log collection and management

·      Intermediate experience with vulnerability scanning processes and tools (e.g., Qualys)

·      Intermediate experience with the Vulnerability Management lifecycle including; Discover, Prioritize, Assess, Report, Remediate, and Verify.

·      Intermediate metrics collection, analytical, reporting, and communication skills.

·      Intermediate skill in using network analysis tools to identify vulnerabilities.

·      Intermediate understanding of Windows patching

·      Intermediate interpersonal communication skill, both written and oral, with the ability to communicate effectively to technical and non-technical audiences. 

·      Intermediate technical writing skill.

·      Intermediate skill with MS Office suite of tools and SharePoint.

·      Intermediate skill in identifying systemic security issues based on the analysis of vulnerability and configuration data.

·      Ability to develop productive working relationships with business and technical groups.

·      Ability to effectively prioritize multiple responsibilities.

·      Ability to take direction as well as work with a high degree of independence. Ability to work as a member of a team.

·      Ability to embody the poise, presence, and personal integrity expected of an industry professional.

·      Ability to eagerly to seize responsibility, ownership, and initiative for assigned tasks.

·      Ability to drive/travel to multiple locations/facilities as needed.


·      Intermediate knowledge of vulnerability scoring systems (CVSS/CMSS)

·      Experience with Qualys

·      Experience with ServiceNow – Vulnerability Management Module

·      Experience in enterprise level Vulnerability Management and Scanning;

·      Able to think outside the box and provide innovative and positive recommendation of improvements to proactive prevention.

·      Intermediate knowledge of risk management processes.

·      Intermediate knowledge of information security regulations.

·      Intermediate knowledge of systems testing and evaluation methods (i.e.; unit testing, integration testing, regression testing).

·      Intermediate knowledge of fault tolerance.

·      Intermediate knowledge of information theory.

·      Intermediate knowledge of information technology (IT) supply chain security/risk management policies, requirements, and procedures.

Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.


Apply Now

Tagged as: Yes