
Vulnerability Management Analyst

Remote: Full Remote

Offer summary

Qualifications:

  • 2+ years of experience in vulnerability management or information security, focusing on workstation remediation and attack surface management.
  • Relevant certifications preferred, such as CompTIA Security+, CEH, CISSP, CISA, or GIAC.
  • Strong understanding of security frameworks and compliance standards like NIST, PCI-DSS, and ISO 27001.
  • Basic proficiency in scripting languages for automation and experience with vulnerability scanning tools.

Key responsibilities:

  • Analyze and prioritize vulnerabilities on workstations based on risk impact and severity, ensuring prompt remediation of critical issues.
  • Collaborate with IT and security teams to support workstation vulnerability remediation efforts and maintain compliance with security policies.
  • Conduct regular reviews of the organization's internet-facing attack surface to identify vulnerabilities and assist in developing remediation strategies.
  • Develop and maintain documentation for remediation procedures and communicate findings through structured reports and dashboards.

New Era Technology, US Large https://www.neweratech.com/
1001 - 5000 Employees

Job description

Join New Era Technology, where People First is at the heart of everything we do. With a global team of over 4,500 professionals, we’re committed to creating a workplace where everyone feels valued, empowered, and inspired to grow. Our mission is to securely connect people, places, and information with end-to-end technology solutions at scale.

At New Era, you’ll join a team-oriented culture that prioritizes your personal and professional development. Work alongside industry-certified experts, access continuous training, and enjoy competitive benefits. Driven by values like Community, Integrity, Agility, and Commitment, we nurture our people to deliver exceptional customer service.

If you want to make an impact in a supportive, growth-oriented environment, New Era is the place for you. Apply today and help us shape the future of work—together.

Job Description:

We are seeking a highly motivated and detail-oriented Junior Vulnerability Analyst with a strong focus on workstation remediation, attack surface management, and security metrics. The ideal candidate will play a key role in identifying, analyzing, and mitigating vulnerabilities across the organization’s technology landscape, ensuring compliance and risk reduction for both workstations and internet-facing assets.

This role will involve collecting and analyzing vulnerability data, assisting in remediation efforts, and supporting IT asset security. The analyst will work closely with cross-functional teams, including IT, security, and business stakeholders, to drive effective vulnerability management and ensure compliance with security frameworks.

Key Vulnerability Management Responsibilities:

  • Assist in analyzing and prioritizing vulnerabilities on workstations based on risk impact, exploitability, and severity, ensuring critical issues are remediated promptly.
  • Support workstation vulnerability remediation efforts, tracking security risks, and collaborating with IT teams to ensure timely patching and configuration updates.
  • False Positive Analysis – Assist in identifying and reviewing false positives in vulnerability scans to ensure remediation efforts focus on genuine threats.
  • Collaborate with IT and security teams to remediate vulnerabilities within workstation environments, providing support for patching, configuration management, and endpoint security enhancements.
  • Serve as a liaison between Business Information Security (BIS) teams and IT teams, ensuring alignment between security initiatives and business objectives.
  • Work closely with IT teams to track and drive remediation efforts for workstation vulnerabilities, ensuring compliance with remediation SLAs and security policies.
  • Assist in implementing and maintaining remediation workflows for workstations, focusing on automation and process optimization to streamline vulnerability resolution.
  • Develop and maintain documentation for workstation remediation procedures, security best practices, and troubleshooting guides.
  • Conduct regular reviews of the organization's internet-facing attack surface to identify exposed assets and associated vulnerabilities.
  • Assist in developing and implementing remediation strategies to reduce the attack surface, including secure configurations, patching, and continuous monitoring of internet-facing services.
  • Use security tools to track and manage attack surface changes, ensuring newly identified vulnerabilities are promptly addressed.
  • Support collaboration with teams managing internet-facing services, ensuring timely remediation of critical vulnerabilities.
  • Maintain clear communication channels for tracking and reporting the status of vulnerabilities and remediation efforts for both workstations and publicly accessible assets.
  • Effectively communicate findings and remediation plans through well-structured reports, security briefings, and documentation.

 

Metrics & KPIs Development:

  • Assist in developing, monitoring, and reporting on key vulnerability management metrics and KPIs, with a strong emphasis on workstation security, including patch compliance, endpoint protection status, and vulnerability remediation rates.
  • Design and present dashboards and periodic reports that track workstation vulnerability remediation progress, risk reduction, and compliance status for both internal workstations and internet-facing assets.
  • Analyze vulnerability trends in workstation environments, identifying common weaknesses, misconfigurations, and unpatched systems. Provide actionable insights to senior leadership and IT teams to enhance workstation security posture.
  • Support efforts to improve workstation security hygiene by identifying recurring vulnerabilities, monitoring endpoint security configurations, and collaborating with IT teams to implement best practices for workstation hardening.

Compliance & Reporting:

  • Ensure vulnerability management processes for workstations and externally exposed services comply with industry standards and regulatory frameworks (e.g., PCI-DSS, NIST, ISO 27001) as well as Johnson and Johnson Standard Operating Procedures (SOPs).
  • Assist in internal and external audits by gathering documentation, compiling reports, and organizing evidence related to vulnerability management, with guidance from senior analysts. Focus areas include workstation security and external attack surface protection.

Technical Skills:

  • Vulnerability Assessment & Management – Hands-on experience with vulnerability scanning tools (e.g., Rapid7 InsightVM or Qualys) to identify and mitigate risks, with a focus on workstation security and internet-facing assets.
  • External Attack Surface Management (EASM) – Familiarity with tools such as Shodan, Palo Alto Cortex Xpanse, or similar platforms to monitor and assess externally exposed assets for vulnerabilities and misconfigurations.
  • Operating System Security – Strong understanding of Windows, macOS, and Linux security configurations, hardening techniques, and patch management in both workstation and cloud-hosted environments.
  • Security Frameworks & Compliance – Familiarity with industry standards and best practices, including NIST, CIS, ISO 27001, and regulatory compliance requirements.
  • Scripting & Automation – Basic proficiency in scripting languages such as Python, PowerShell, or Shell scripting for automating security tasks and vulnerability reporting.
  • Data Analysis & Visualization – Experience with Power BI (or similar tools) to create security dashboards, analyze trends, and present vulnerability insights effectively.

Soft Skills:

  • Strong Analytical & Problem-Solving Skills – Ability to assess and mitigate vulnerabilities in both internal and external environments, leveraging security tools and frameworks to reduce risk.
  • Effective Communication & Reporting – Skilled at articulating complex workstation security and attack surface insights to both technical and non-technical stakeholders through reports, dashboards, and presentations.
  • Detail-Oriented & Proactive – Demonstrates a keen eye for identifying vulnerabilities and applies security best practices to ensure timely remediation.
  • Business Interaction & Collaboration – Capable of engaging with business stakeholders to discuss vulnerabilities, risk impact, and mitigation strategies while aligning security efforts with business objectives.
  • Enterprise-Level Experience – Familiarity with working in large organizations, understanding enterprise security challenges, and collaborating with IT, security, and compliance teams.
  • Presenting & Interpreting Vulnerability Metrics – Comfortable presenting vulnerability data to business leaders and technical teams using security platforms (e.g., Rapid7 InsightVM, Qualys) and visualization tools (e.g., Tableau, Power BI). Provides actionable insights for risk reduction, remediation prioritization, and security improvements based on CVSS scores, exploitability, and asset criticality.

Qualifications:

  • Relevant certifications preferred (e.g., CompTIA Security+, CEH, CISSP, CISA, GIAC).

Experience:

  • 2+ years of experience in vulnerability management, information security, or a related field, with a focus on workstation remediation and attack surface management.
  • Proven experience in developing and managing vulnerability metrics and KPIs.

Below is the pay range of this position for considered candidates based on qualifications and experience.

Pay Range
$45 - $48 USD

New Era Technology, Inc., and its subsidiaries (“New Era”, “we”, “us”, or “our”) in its operating regions worldwide are committed to respecting your privacy and recognize the need for appropriate protection and management of any Personal Data that you may provide us. In this, we are also committed to providing you with a positive experience on our websites and while using our products, services and solutions (“Solutions”).

View our Privacy Policy here https://www.neweratech.com/us/privacy-policy/

Required profile

Spoken language(s):
English

Other Skills

  • Collaboration
  • Communication
  • Analytical Skills
  • Detail Oriented
  • Problem Solving
