Salary
💰 $70,000 - $140,000 per year
About the role
- Develop and maintain the full lifecycle of the vulnerability management service, from discovery, analysis, triage and advising through remediation and validation.
- Collaborate with cross-functional teams on vulnerability management services, vulnerability scanning and vulnerability assessment, providing advisory and tracking support for vulnerability remediation.
- Review vulnerability management plans; develop and maintain documentation related to policies, procedures, and best practices.
- Operate and configure tools used for vulnerability testing and identification.
- Coordinate with infrastructure and application teams on scanning schedules and scope review; analyze, validate and report on vulnerability scan results.
- Perform security testing activities, such as penetration testing and application/vulnerability assessment.
- Respond to security incidents, conduct root cause analysis, and implement corrective actions.
- Research and analyze security advisories and bulletins.
- Utilize vulnerability management infrastructure that includes scanners (Qualys, Wiz, DAST, SAST).
- Assist with security risk assessments and IT audits (PCI/SOC/third party audits).
- Develop and maintain KPIs to measure the effectiveness of the MTTR.
- Generate regular reports and dashboards to communicate vulnerability status, trends, and program effectiveness to stakeholders.
Requirements
- Minimum of 5 years of professional experience in a cyber security role and three years of experience in vulnerability management.
- Experience conducting vulnerability scans, including configuration and use of tools such as Qualys, and managing findings with a centralized vulnerability management tool.
- Knowledge of cybersecurity frameworks, controls, standards and best practices.
- Familiarity with Security Control Systems and Frameworks (e.g., SOX, PCI-DSS, ISO).
- Adaptability in a remote-first, international team.
- Excellent communication skills: Ability to translate technical cybersecurity concepts into clear, actionable terms for diverse audiences.
- Excellent problem-solving, analytical, and communication abilities.
- Bachelor's degree in Computer Science, Engineering or a related technical field.
- Motivational attitude: Positive and proactive approach to leading change in the face of cybersecurity challenges.
- Industry knowledge: Familiarity with corporate security programs, compliance standards, and risk management processes.