Specialist - Vulnerability Management (m/f/d)
Halian | Managed Services, Recruitment Agency & Contract Staffing
Description
Role Purpose
The Vulnerability Management Specialist is responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across the organization. The role focuses on leveraging Qualys, applying CVSS v3.1 scoring with business context, and delivering executive-level reporting on vulnerability posture aligned with the bank’s risk appetite. The position also supports penetration testing coordination and ensures remediation activities meet defined SLAs.
Key Responsibilities
Vulnerability Assessment & Scanning
- Perform regular vulnerability scanning using Qualys (mandatory) across infrastructure, applications, and endpoints
- Identify and validate vulnerabilities across:
  - Servers, databases, and network devices
  - Cloud and on-premise environments
- Ensure scanning coverage is comprehensive and aligned with asset inventory
Risk Prioritization & Analysis
- Prioritize vulnerabilities using CVSS v3.1 scoring, enhanced with:
  - Asset criticality
  - Business impact
  - Threat intelligence inputs
- Distinguish between false positives and real risks through validation and analysis
- Provide risk-based recommendations for remediation
Remediation Tracking & SLA Management
- Track vulnerability remediation against defined SLAs
- Work closely with IT, infrastructure, and application teams to ensure timely fixes
- Develop and maintain remediation dashboards for visibility and accountability
- Escalate overdue or high-risk vulnerabilities to management
Reporting & Governance
- Prepare and present:
  - Executive dashboards on vulnerability status and trends
  - Quarterly vulnerability posture reports aligned with board-level risk appetite
- Highlight key risk areas, systemic weaknesses, and improvement actions
- Support risk committees, CISO, and senior leadership with actionable insights
Penetration Testing Coordination
- Coordinate and manage internal and external penetration testing engagements
- Ensure findings are:
  - Properly documented
  - Tracked for remediation
- Validate closure of penetration testing findings
Continuous Improvement & Compliance
- Enhance vulnerability management processes in line with industry best practices
- Integrate threat intelligence to improve risk prioritization
- Ensure alignment with:
  - Internal security policies
  - Regulatory requirements (banking/financial sector)
- Support audits and compliance reviews
Qualifications & Experience
Education
- Bachelor’s degree in:
  - Cybersecurity
  - Information Technology
  - Computer Science or related field
Experience
- 4–8+ years of experience in:
  - Vulnerability Management / Security Operations
  - Enterprise-scale vulnerability assessment programs
- Proven experience with:
  - Qualys Vulnerability Management (mandatory)
  - CVSS scoring and risk-based prioritization
  - Remediation lifecycle management
- Experience in banking or regulated environments is highly preferred
Technical Skills
- Strong knowledge of:
  - Vulnerability scanning tools (Qualys, Tenable, Rapid7 – with Qualys as primary)
  - CVSS v3.1 framework and risk scoring methodologies
- Experience with:
  - Dashboarding tools (Power BI, Tableau, or similar)
  - Patch and remediation workflows
- Familiarity with:
  - Network and system security concepts
  - Cloud security vulnerabilities (AWS, Azure, GCP)
Soft Skills
- Strong analytical and risk assessment skills
- Ability to translate technical vulnerabilities into business risk
- Effective stakeholder communication and coordination
- Attention to detail with strong follow-through
Key Competencies
- Vulnerability Assessment & Analysis
- Risk-Based Prioritization
- Remediation Tracking & SLA Management
- Security Reporting & Executive Communication
- Penetration Testing Coordination
- Continuous Improvement & Compliance