[Hiring] Senior Analyst, Vulnerability Management @Ensemble Health Partners, India

Role Description

The Senior Vulnerability Management Analyst will be responsible for overseeing and managing vulnerabilities identified by various platforms, including Tenable, Wiz, Defender for Cloud, and other vulnerability sources. This role involves leading the assessment of reported vulnerabilities, triaging and ranking them by risk and other mitigating control factors, and setting a strategic prioritization schedule for remediation. The candidate will collaborate with patching teams to provide expert guidance and ensure timely patching according to company policies. If timely patching is not feasible, the analyst will coordinate risk exception procedures and ensure that tools exclude findings with granted risk exceptions. Additionally, the analyst will stay at the forefront of vulnerability trends and manage Cloud Security Posture Management (CSPM) components to ensure the security of cloud environments.

Qualifications

• Experience with vulnerability management tools and platforms.
• Experience in assessing and prioritizing vulnerabilities and managing remediation efforts.
• Experience with CSPM tools and practices.
• Strong understanding of risk management and mitigation strategies.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
• Experience with cloud security and understanding of cloud service provider ecosystems (e.g., AWS, Azure).
• Ability to create and maintain scripts for automation (e.g., PowerShell, Python).
• Excellent problem-solving and analytical skills.
• Strong collaboration and teamwork skills.

Requirements

• Independent monitor and manage vulnerabilities across Tenable, Wiz, Defender for Cloud, and other platforms.
• Lead the assessment of reported vulnerabilities, triage them, and rank them by risk and other mitigating control factors.
• Set a strategic prioritization schedule for remediation and work with patching teams to ensure timely patching.
• Proficiency with ticketing tools, raising appropriate patch requests, keeping record of the pending requests, following them up on a regular basis and tracking them down till resolution.
• Manage risk exception procedures and ensure tools exclude findings with granted risk exceptions.
• Stay at the forefront of vulnerability trends and provide recommendations for improving vulnerability management processes.
• Manage CSPM components to ensure the security of cloud environments, including continuous security assessments, risk prioritization, compliance monitoring, and configuration management.
• Detect and address gaps in scan coverage to ensure comprehensive vulnerability assessments.
• Generate reports and deliver presentations on vulnerability assessments and remediation progress.
• Mentor and train junior team members, fostering skill development and knowledge-sharing.
• Contribute to the overall security strategy and engage with executive leadership to enhance security resilience.
• Collaborate with cross-functional teams to address complex security issues and ensure effective vulnerability management.
• This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Associates may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.

Benefits

• Comprehensive health insurance coverage for associate, children (up to 2), and parents.
• Accidental insurance coverage.
• Professional development and certification reimbursement programs.
• Statutory benefits including maternity and paternity support.
• Thoughtful employee experiences such as welcome kits, company swag, and work-anniversary recognition.
• Benefits designed to support you at different stages of life and career.