Role Purpose
The Vulnerability Management Specialist is responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across the organization. The role focuses on leveraging Qualys, applying CVSS v3.1 scoring with business context, and delivering executive-level reporting on vulnerability posture aligned with the bank’s risk appetite. The position also supports penetration testing coordination and ensures remediation activities meet defined SLAs.
Key Responsibilities
Vulnerability Assessment & Scanning
- Perform regular vulnerability scanning using Qualys (mandatory) across infrastructure, applications, and endpoints
- Identify and validate vulnerabilities across:
- Servers, databases, and network devices
- Cloud and on-premise environments
- Ensure scanning coverage is comprehensive and aligned with asset inventory
Risk Prioritization & Analysis
- Prioritize vulnerabilities using CVSS v3.1 scoring, enhanced with:
- Asset criticality
- Business impact
- Threat intelligence inputs
- Distinguish between false positives and real risks through validation and analysis
- Provide risk-based recommendations for remediation
Remediation Tracking & SLA Management
- Track vulnerability remediation against defined SLAs
- Work closely with IT, infrastructure, and application teams to ensure timely fixes
- Develop and maintain remediation dashboards for visibility and accountability
- Escalate overdue or high-risk vulnerabilities to management
Reporting & Governance
- Prepare and present:
- Executive dashboards on vulnerability status and trends
- Quarterly vulnerability posture reports aligned with board-level risk appetite
- Highlight key risk areas, systemic weaknesses, and improvement actions
- Support risk committees, CISO, and senior leadership with actionable insights
Penetration Testing Coordination
- Coordinate and manage internal and external penetration testing engagements
- Ensure findings are:
- Properly documented
- Tracked for remediation
- Validate closure of penetration testing findings
Continuous Improvement & Compliance
- Enhance vulnerability management processes in line with industry best practices
- Integrate threat intelligence to improve risk prioritization
- Ensure alignment with:
- Internal security policies
- Regulatory requirements (banking/financial sector)
- Support audits and compliance reviews
Qualifications & Experience
Education
- Bachelor’s degree in:
- Cybersecurity
- Information Technology
- Computer Science or related field
Experience
- 4–8+ years of experience in:
- Vulnerability Management / Security Operations
- Enterprise-scale vulnerability assessment programs
- Proven experience with:
- Qualys Vulnerability Management (mandatory)
- CVSS scoring and risk-based prioritization
- Remediation lifecycle management
- Experience in banking or regulated environments is highly preferred
Technical Skills
- Strong knowledge of:
- Vulnerability scanning tools (Qualys, Tenable, Rapid7 – with Qualys as primary)
- CVSS v3.1 framework and risk scoring methodologies
- Experience with:
- Dashboarding tools (Power BI, Tableau, or similar)
- Patch and remediation workflows
- Familiarity with:
- Network and system security concepts
- Cloud security vulnerabilities (AWS, Azure, GCP)
Soft Skills
- Strong analytical and risk assessment skills
- Ability to translate technical vulnerabilities into business risk
- Effective stakeholder communication and coordination
- Attention to detail with strong follow-through
Key Competencies
- Vulnerability Assessment & Analysis
- Risk-Based Prioritization
- Remediation Tracking & SLA Management
- Security Reporting & Executive Communication
- Penetration Testing Coordination
- Continuous Improvement & Compliance
Certifications (Preferred)
- Qualys Certified Specialist
- CompTIA Security+ / CySA+
- CEH (Certified Ethical Hacker)
- CISSP (preferred for senior roles)
Ideal Candidate Profile
- Hands-on experience with Qualys in large enterprise environments
- Strong understanding of risk-based vulnerability management
- Experience preparing executive-level dashboards and board reports
- Ability to collaborate across technical and business teams to drive remediation
