Vulnerability Management Analyst
Share
Job Location:
Mexico City - Mexico
Monthly Salary:
Not Disclosed
Posted on:
20 hours ago
Vacancies:
1 Vacancy
Job Summary
Cybersecurity Vulnerability Management Analyst
SailPoints Cybersecurity organization is seeking a Cybersecurity Vulnerability Management Analyst with a passion for cybersecurity. This role ensures the continuous discovery accurate assessment risk-based prioritization and successful remediation of vulnerabilities and misconfigurations across all IT assets directly reducing the organizations exposure and maintaining regulatory compliance.
We are seeking a colleague with demonstrable technical expertise strong business acumen and a proven track record of working in security programs in complex environments. The ideal candidate will be part of the team securing SailPoints production environments from misconfigurations and software vulnerabilities cross-functional collaboration and ensuring that products meet the highest standards of security availability and trust.
Our new Vulnerability Management Analyst will join a growing and capable threat and vulnerability management team of both emerging and established talent. This potential team member will be comfortable with the 4 Is at SailPoint (individual Impact Innovation and
Integrity) even if theyre new to the concept. They will embrace new challenges and by being their authentic self they will be a positive contributor to an already positive work culture and environment.
Integrity) even if theyre new to the concept. They will embrace new challenges and by being their authentic self they will be a positive contributor to an already positive work culture and environment.
This is a challenging and impactful role where you will have the opportunity to work with a variety of stakeholders including our fantastic colleagues in IT DevOps Product engineering Security engineering and Compliance.
This role reports directly to the Head of Vulnerability Management and will be remote.
Key Requirements:
- 3-5 years experience preferably in vulnerability management.
- Strong engineering experience with cloud containers open-source code deploymentand misconfigurations.
- Intermediate experience with scripting languages (e.g. Python PowerShell) forautomating data ingestion reporting or integrating VM data into other security tools(SIEM/SOAR).
- Experience with regulatory frameworks (e.g. NIST ISO 27001 SOC GDPR) and providingevidence for compliance and audit needs.
- Experience tracking trends and configure systems as required to reduce false positivesfrom true events.
- Process Improvement: Drive continuous improvement in the efficiency of vulnerabilityremediation through automation ticketing system integration (e.g. Jira) and processstreamlining.
- Influence & Collaboration Demonstrable experience building strong partnerships in amatrixed organization.
- Technical Intermediate understanding of product security issues (like XXE SSRFInjections etc.) modern software development (fully automated CI/CD REST OAuth2)including multi-cloud (AWS Azure GCP Containers Kubernetes) architecturesparticularly Amazon Web Services Kubernetes and Docker.
- Risk-Based Decision Making Experience making informed decisions through balancingbusiness priorities technical constraints and risk exposure.
- Certifications like CISSP CISA CySA AWS Certs or CCNSE or other relevantcertifications are preferred.
- If the candidate does not have the AWS Certified Cloud Practitioner or AWS CertifiedCloud Security Specialty they must take these certifications within first year ofemployment.
Core Responsibilities:
- Collaborating in the enterprise-wide product security and resilience strategy aligning with business goals and regulatory requirements.
- Partnering with Dev/Ops engineering product management and infrastructure teams to integrate vulnerability management practices into production environments.
- Identifying risk in a production environment comprised of a sophisticated SaaS architecture consisting of dozens of microservices
- Maintain knowledge of the threat landscape for prioritization of vulnerabilities attack techniques tool/exploit development cyber threat intelligence analysis and adversarial tactics.
- Explaining risks identifing dependencies and facilitating the remediation process by providing necessary details and context.
- Enforce a prioritization framework that utilizes risk context beyond standard CVSS scores factoring in asset criticality exposure to the public internet and internal threat intelligence (e.g. active exploitation in the wild).
- Drive the adoption of security automation vulnerability management with product teams.
- Providing program performance reporting and metrics per business unit and product.
SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability protected veteran status or any other category protected by applicable law.
Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact or mail to 11120 Four Points Dr Suite 100 Austin TX 78726 to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.
Required Experience:
IC
Key Skills
- Active Directory
- Customer Service
- End user
- Access Points
- Deskside Support
- Windows
- SCCM
- Troubleshoot
- User Accounts
- Desktop
- PC
- Backup
- Setup
- hardware
- Technical Support
About Company
The core of enterprise security is identity. Take a tour to see how our identity security platform delivers a foundation that securely fuels your business.
