Vulnerability Management Analyst

Overview

Cybersecurity | Vulnerability Management We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced Vulnerability Management Analyst to take ownership of the end-to-end vulnerability management lifecycle across a complex enterprise environment. This is a highly operational and business-critical role focused on transforming raw vulnerability data into measurable risk reduction. The successful candidate will act as the central coordination point between security tooling, infrastructure teams, cloud teams, application owners, and remediation stakeholders to ensure vulnerabilities are prioritised, tracked, governed, and resolved effectively.

• Consolidate vulnerability findings from multiple security platforms into a single prioritised remediation backlog
• Prioritise vulnerabilities using CVSS, EPSS, KEV catalog data, threat intelligence, exploitability, and asset criticality
• Assign findings to infrastructure, application, and cloud owners and track remediation activities through to closure
• Escalate overdue remediation items and ensure SLA adherence across teams
• Host weekly remediation and governance sessions with technical stakeholders
• Produce weekly and monthly vulnerability management reports including:
  Open vs closed findings, Vulnerability aging analysis, SLA adherence metrics, Trend analysis, Top recurring issues and offenders
• Manage exception workflows for vulnerabilities that cannot be remediated within agreed timelines
• Ensure all approved exceptions are documented, time-bound, and audit-ready
• Feed residual risks and unresolved findings into the enterprise Risk Register
• Support continuous improvement initiatives across vulnerability management processes and reporting

• Minimum 3+ years of hands-on vulnerability management experience
• Strong experience with:
  Tenable.sc, Rapid7, Git Lab Secure, Jira and/or Service Now
• Strong understanding of:
  Vulnerability prioritisation methodologies, CVSS scoring, EPSS, CISA KEV catalog, threat intelligence-driven remediation
• Experience working across infrastructure, cloud, and application security environments
• Strong scripting and automation skills using Python, Bash, or Power Shell

• Familiarity with: NIST CSF 2.0, ISO 27001, MITRE ATT&CK, UAE IA Regulation
• Understanding of remediation governance, exception handling, and audit readiness
• Experience managing security metrics, reporting, and SLA tracking

• Relevant industry certifications are highly desirable, including: CISSP, GCIH, OSCP, CCSP

• Excellent written and verbal communication skills
• Ability to engage effectively with both technical teams and senior leadership
• Strong organisational and stakeholder management capability
• High attention to detail with a proactive and accountable mindset

• Achieve and maintain remediation SLA targets across all severity levels
• Eliminate vulnerability backlog growth through effective remediation governance
• Provide leadership with a single, accurate source of truth for enterprise vulnerability posture
• Ensure all critical vulnerabilities are either remediated or formally exception-approved within defined timelines
• Build sustainable vulnerability management processes with measurable operational improvement

Salt is acting as an Employment Business in relation to this vacancy.