Vulnerability Management Specialist

As a Vulnerability Management Specialist, you will play a critical role in safeguarding our firm's information systems by conducting comprehensive vulnerability assessments, identifying and prioritizing security weaknesses, and collaborating with various teams and departments to develop and implement effective mitigation strategies.

You will be instrumental in enhancing our cybersecurity posture through meticulous analysis, strategic planning, and continuous improvement practices.

Vulnerability Assessment & Monitoring: Conduct regular and thorough vulnerability assessments on endpoints and servers, primarily utilizing the Tenable platform. Continuously monitor the Tenable platform for new and evolving vulnerabilities, ensuring timely identification and response.

Vulnerability Analysis & Prioritization: Identify vulnerabilities in the system and prioritize them based on their severity, impact, and potential risks to the firm.

Categorize vulnerabilities considering various factors like exploitability, asset criticality, and potential business impact. Collaboration & Coordination: Work closely with the Middle East Network Information Security (NIS) team to ensure alignment on vulnerability management priorities.

Collaborate with the global End User Device Management (EUDM), Local Tech Majlis, application owners, system administrators, and other relevant teams to develop and implement effective mitigation strategies. Engage with counterparts in the United Kingdom to leverage lessons learned and incorporate best practices into the vulnerability management process.

Reporting & Communication: Analyze data from the Tenable platform and other sources to provide detailed, actionable reports to relevant stakeholders.

Communicate effectively with technical and non-technical stakeholders to ensure a clear understanding of vulnerabilities, impacts, and remediation strategies.

Remediation Tracking & Management: Work with stakeholders to prioritize and track the progress of vulnerability remediation efforts. Ensure that remediation activities are conducted within agreed timeframes and compliance requirements.

Continuous Improvement: Regularly review and update vulnerability management policies and procedures to reflect changing threats and firm needs.

Stay abreast of the latest cybersecurity trends, tools, and best practices to continuously enhance the vulnerability management program.

Level 2: Cybersecurity Analysis Description: Demonstrates in-depth knowledge of cybersecurity threats and vulnerabilities, employing advanced analytical skills to assess and prioritize risks.

Expectations: Conducts thorough vulnerability assessments using industry-standard tools and methodologies.

Accurately identifies and classifies vulnerabilities based on severity and potential impact.

Regularly updates and refines vulnerability assessment criteria to align with evolving cybersecurity threats.

Level 2: Vulnerability Management Description: Develops and implements strategic plans for vulnerability management, including prevention, mitigation, and response strategies.

Expectations: Designs and executes vulnerability management programs that align with organizational security policies.

Collaborates with IT and security teams to ensure comprehensive coverage of all systems and applications.

Monitors and reports on the effectiveness of vulnerability management strategies, suggesting improvements as needed.

Level 2: Technical Proficiency Description: Exhibits expertise in utilizing a range of cybersecurity tools and practices, maintaining up-to-date knowledge of technological advancements.

Expectations: Demonstrates proficiency in using advanced security tools for network scanning, penetration testing, and threat analysis.

Keeps abreast of new security technologies and integrates them into existing vulnerability management practices.

Trains and mentors junior team members in the use of cybersecurity tools and techniques.

 Level 2: Communication Description: Effectively communicates complex cybersecurity concepts to diverse audiences, ensuring clarity in both written and verbal forms.

Expectations: Articulates technical details clearly to non-technical stakeholders, facilitating informed decision-making.

Develops comprehensive reports and presentations on vulnerability findings and remediation strategies.

Actively participates in cross-departmental meetings, providing expert insights into cybersecurity issues.

Level 2: Collaboration Description: Fosters a collaborative environment, working effectively with cross-functional teams to enhance overall cybersecurity posture.

Expectations: Engages in proactive knowledge sharing and collaboration with IT, network, and security teams.

Participates in joint initiatives to develop and refine organizational cybersecurity strategies.

Supports team members in resolving complex security challenges, fostering a cooperative work environment.

Level 2: Continuous Learning Description: Committed to continuous professional development, staying abreast of the latest cybersecurity trends and best practices.

Expectations: Actively seeks out and engages in professional development opportunities, such as certifications and trainings.

Regularly contributes to internal knowledge bases with latest findings and learnings in cybersecurity.

Applies new knowledge and skills to enhance the effectiveness of vulnerability management processes.

Level 2: Customer Focus Description: Aligns cybersecurity efforts with client needs and expectations, delivering tailored solutions that enhance client trust and satisfaction.

Expectations: Conducts regular client consultations to understand unique security needs and adapt strategies accordingly.

Develops and maintains strong client relationships, ensuring transparent communication and feedback loops.

Customizes cybersecurity solutions to address specific client concerns and regulatory requirements.