Vulnerability Operations Analyst

We are looking for a Vulnerability Operations Analyst to join a project at a company specializing in the management of financial markets. This person will lead the planning, coordination, and monitoring of patching activities across our IT environment. This role focuses on ensuring timely and effective patch deployment by collaborating closely with infrastructure and security teams — not on executing patches directly.

Key responsabilities:

Patch Deployment Planning

• Develop patch deployment schedules and maintenance windows.
• Coordinate with IT teams to plan and test patch rollouts.
• Minimize disruption to business operations during patch implementation.

Vulnerability Management Support

• Collaborate with cybersecurity teams to align patching with vulnerability scans.
• Address vulnerabilities identified in internal or external assessments.
• Ensure remediation timelines are met according to risk thresholds.

Monitoring and Reporting

• Monitor patch deployment success rates and failures.
• Generate compliance and audit reports.
• Track and report on unpatched systems or delayed updates.

Tool Management and Optimization

• Evaluate and optimize patch management tools and platforms.
• Recommend improvements to patch management technologies.
• Ensure patch tools are updated and properly configured.

Collaboration and Communication

• Work closely with infrastructure, application, and security teams.
• Partner with application owners and system administrators to validate patch outcomes.
• Communicate patch impacts and timelines to stakeholders.
• Escalate unresolved or high-risk issues to management.

Risk and Exception Handling

• Manage and document patch exceptions and delays.
• Conduct risk assessments for systems that cannot be patched.
• Recommend and apply compensating controls when necessary.

Policy and Documentation

• Maintain up-to-date patch management policies and procedures.
• Document patching activities, exceptions, and rollback plans.
• Ensure compliance with regulatory or industry standards (e.g., ISO 27001, NIST, PCI-DSS).

• 2–5 years of experience in IT operations, systems administration, or information security.
• Experience in regulated environments (finance, healthcare, government) is a plus.
• Familiarity with ITIL or similar frameworks.
• Understanding of change management and incident escalation processes.
• Knowledge of compliance standards (ISO 27001, NIST, PCI-DSS, CIS).
• Awareness of cybersecurity best practices.
• Basic to intermediate knowledge of networking, firewalls, and endpoint devices.
• Understanding of virtualization platforms (VMware, Hyper-V) and cloud infrastructure (AWS, Azure, GCP).
• Knowledge of patch lifecycle management processes.
• Understanding of vulnerability scoring systems (CVSS).
• Familiarity with vulnerability assessment tools (Tenable, Qualys, Rapid7).