Specialist - Vulnerability Management; m​/f​/d

Role Purpose

The Vulnerability Management Specialist is responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across the organization. The role focuses on leveraging Qualys, applying CVSS v3.1 scoring with business context, and delivering executive-level reporting on vulnerability posture aligned with the bank’s risk appetite. The position also supports penetration testing coordination and ensures remediation activities meet defined SLAs.

• Perform regular vulnerability scanning using Qualys across infrastructure, applications, and endpoints
• Identify and validate vulnerabilities across:
  • Servers, databases, and network devices
  • Cloud and on-premise environments
• Ensure scanning coverage is comprehensive and aligned with asset inventory

• Prioritize vulnerabilities using CVSS v3.1 scoring, enhanced with:
  • Asset criticality
  • Business impact
  • Threat intelligence inputs
• Distinguish between false positives and real risks through validation and analysis
• Provide risk-based recommendations for remediation

• Track vulnerability remediation against defined SLAs
• Work closely with IT, infrastructure, and application teams to ensure timely fixes
• Develop and maintain remediation dashboards for visibility and accountability
• Escalate overdue or high-risk vulnerabilities to management

• Prepare and present:
  • Executive dashboards on vulnerability status and trends
  • Quarterly vulnerability posture reports aligned with board-level risk appetite
• Highlight key risk areas, systemic weaknesses, and improvement actions
• Support risk committees, CISO, and senior leadership with actionable insights

• Coordinate and manage internal and external penetration testing engagements
• Ensure findings are:
  • Properly documented
  • Tracked for remediation
• Validate closure of penetration testing findings

• Enhance vulnerability management processes in line with industry best practices
• Integrate threat intelligence to improve risk prioritization
• Ensure alignment with:
  • Internal security policies
  • Regulatory requirements (banking/financial sector)
• Support audits and compliance reviews

• Bachelor’s degree in:
  • Cybersecurity
  • Information Technology
  • Computer Science or related field

• 4–8+ years of experience in:
  • Vulnerability Management / Security Operations
  • Enterprise-scale vulnerability assessment programs
• Proven experience with:
  • Qualys Vulnerability Management (mandatory)
  • CVSS scoring and risk-based prioritization
  • Remediation lifecycle management
• Experience in banking or regulated environments is highly preferred

• Strong knowledge of:
  • Vulnerability scanning tools (Qualys, Tenable, Rapid7 – with Qualys as primary)
  • CVSS v3.1 framework and risk scoring methodologies
• Experience with:
  • Dashboarding tools (Power BI, Tableau, or similar)
  • Patch and remediation workflows
• Familiarity with:
  • Network and system security concepts
  • Cloud security vulnerabilities (AWS, Azure, GCP)

• Strong analytical and risk assessment skills
• Ability to translate technical vulnerabilities into business risk
• Effective stakeholder communication and coordination
• Attention to detail with strong follow-through

• Vulnerability Assessment & Analysis
• Risk-Based Prioritization
• Remediation Tracking & SLA Management
• Security Reporting & Executive Communication
• Penetration Testing Coordination
• Continuous Improvement & Compliance

• Qualys Certified Specialist
• CompTIA Security+ / CySA+
• CEH (Certified Ethical Hacker)
• CISSP (preferred for senior roles)

• Hands-on experience with Qualys in large enterprise environments
• Strong understanding of risk-based vulnerability management
• Experience preparing executive-level dashboards and board reports
• Ability to collaborate across technical and business teams to drive remediation