American Express Global Business Travel

Vulnerability management Analyst

full-time

Posted on:

Origin: 🇺🇸 United States

Salary

💰 $70,000 - $140,000 per year

Job Level

Mid-Level, Senior

Tech Stack

Cyber Security

About the role

  • Develop and maintain the full lifecycle of the vulnerability management service: discovery, analysis, triage, advising, remediation and validation.
  • Collaborate with cross-functional teams on vulnerability management services, vulnerability scanning and vulnerability assessment, providing advisory and tracking support for vulnerability remediation.
  • Review vulnerability management plans; develop and maintain documentation related to policies, procedures, and best practices.
  • Operate and configure tools used for vulnerability testing and identification.
  • Coordinate with infrastructure and application teams on scanning schedules and scope review; analyze, validate and report on vulnerability scan results.
  • Perform security testing activities, such as penetration testing and application/vulnerability assessment.
  • Respond to security incidents, conduct root cause analysis, and implement corrective actions.
  • Research and analyze security advisories and bulletins.
  • Utilize vulnerability management infrastructure that includes scanners (Qualys, Wiz, DAST, SAST).
  • Assist with security risk assessments and IT audits (PCI/SOC/third party audits).
  • Develop and maintain KPIs to measure the effectiveness of the MTTR.
  • Generate regular reports and dashboards to communicate vulnerability status, trends, and program effectiveness to stakeholders.

Requirements

  • Minimum of 5 years of professional experience in a cyber security role and three years of experience in vulnerability management.
  • Experience conducting vulnerability scans, including configuring and using tools such as Qualys and managing findings with a centralized vulnerability management tool.
  • Knowledge of cybersecurity frameworks, controls, standards and best practices.
  • Familiarity with Security Control Systems and Frameworks (e.g., SOX, PCI-DSS, ISO).
  • Adaptability in a remote-first, international team.
  • Excellent communication skills: Ability to translate technical cybersecurity concepts into clear, actionable terms for diverse audiences.
  • Excellent problem-solving, analytical, and communication abilities.
  • Bachelor's degree in Computer Science, Engineering or a related technical field.
  • Motivational attitude: Positive and proactive approach to leading change in the face of cybersecurity challenges.
  • Industry knowledge: Familiarity with corporate security programs, compliance standards, and risk management processes.