Vulnerability Management Specialist

We are seeking a skilled Vulnerability Management Specialist to lead and facilitate end-to-end vulnerability management responsibilities. This role involves collaborating with internal teams and external auditing firms (PCI, SOC, ISO while ensuring effective vulnerability scanning, remediation, compliance, and continuous process improvement.

Key Responsibilities

• Vulnerability Scanning & Remediation

• Schedule and conduct weekly vulnerability scans.

• Ensure results are communicated to Remediation Owners.

• Track and validate closure of Critical, High, and Medium vulnerabilities within timelines.

• Audit & Compliance Support

• Collaborate with internal stakeholders for device inventory analysis and audit readiness.

• Provide required evidence to external auditors for PCI, SOC, and ISO 27001 audits.

• Train internal employees on vulnerability scanning and remediation processes aligned with PCI and Security Requirements.

• Security Analysis & Monitoring

• Perform security analysis and technical assessments.

• Monitor and report remediation progress, ensuring compliance with regulatory, contractual, and legal requirements.

• Conduct penetration testing and segmentation testing for services.

• Process Improvement & Documentation

• Identify gaps and recommend improvements in vulnerability management workflows.

• Create and maintain process documentation and training material.

• Database & CMDB Integration

• Lead efforts to integrate DBORs of infrastructure and CPE devices into the CMDB.

• Ensure automated, recurring hydration of inventory supporting services.

Required Skills

• Strong project management and time management skills.
• Proficiency in Microsoft PowerPoint, Excel, Outlook, and Word.
• Excellent verbal and written communication skills.

• Hands-on experience with:

• ServiceNow Vulnerability Response Module

• Tenable SC and

Desired Skills

• Bachelors degree in Computer Science / Information Systems (preferred).
• 5+ years in IT Operations (with exposure to PCI DSS audits) and 3+ years in IT Security.
• Relevant certifications preferred: CISSP, CISM, CCSK, CCSP, PMP, CISA.