Vulnerability Management Analyst

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

The Vulnerability Management Analyst is responsible for proactively identifying and managing the remediation of vulnerabilities affecting AVEVA’s infrastructure and services. This role requires a broad technical understanding and to be responsible for vulnerability detection, assessment and driving vulnerability remediation across the organisation.

As Vulnerability Management Analyst , your responsibilities will include

• Conduct vulnerability assessments to identify known vulnerabilities and configuration weaknesses and assess the effectiveness of existing controls and recommends remedial action.

• Maintain current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities.

• Analyze risks associated with vulnerabilities, provide detailed reporting, and recommend actionable remediation strategies

• Support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.

• Serve as an escalation point on issues, dependencies, and risks related to vulnerability scanning and security testing.

• Collaborate with multiple stakeholders to prioritize vulnerabilities based on severity, impact, and exploitability.

• Support the development of AVEVA’s Vulnerability management policy, process, and procedures.

• Managing the end-to-end vulnerability lifecycle from discovery to closure ensuring the relevant resolver team put in place a plan and timely remediation working with both managed service providers and internal IT and Information Security staff.

• Utilising information from external vulnerability reporting tools such as Bitsight, RiskRecon, Security Scorecard and vendor vulnerability briefings determine the priority of remediations needed across the AVEVA estate.

• Manage security assessment processes, including performing, tracking remediation, validating controls, measuring residual risk, and writing reports.

• Coordinate and oversee remediation efforts to ensure timely and effective resolution of security vulnerabilities.

We're looking for:

• Minimum of 2 years information and cyber security experience, and experience in IT Vulnerability Management.

• Experience using vulnerability scanning tools such as Qualys, Tenable, Rapid7 and vulnerability management platforms (RiskVision, Kenna Security).

• Experience managing vulnerability management findings/services for cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud Platform).

• Strong understanding of vulnerability management practices and methodologies. Knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).

• Working knowledge of system, application, network and database hardening techniques and practices.

• Working knowledge of one or more of the following - cloud technologies, internet security, networking protocols or experience with software development.

• Strong analytical skills and ability to identify advanced vulnerability threats.

• Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.

• Knowledge of and experience in developing and documenting security processes and plans.

• Knowledge and experience with implementing common information security management frameworks, such as International Organization for Standardization (ISO) 2700x series, AICPA SOC2 (Service Organization Control), ITIL, COBIT and National Institute of Standards and Technology (NIST) or Centre for Internet Security (CIS) frameworks would be advantageous.

Good to have skills:

• Security certifications such as CEH, GPEN, Security+.

• Understanding of firewall & networking devices (Cisco, Palo Alto, Checkpoint).

• Understanding of desktop and server infrastructure (Microsoft, Linux, MacOS).

• Vulnerability Management tools (Qualys, Tenable/Nessus, Rapid 7 Nexpose).

• Security rating services such as BitSight, SecurityScorecard and RiskRecon.

• Understanding of Cloud Security (Amazon Web Services, Google Cloud Platform).

• Working experience of PowerBI

• Awareness of the Mitre ATT

Salary Range:

$85,800.00 - $143,000.00

This pay range represents the minimum and maximum compensation that the position offers, and final compensation can vary within the range depending on work location, job experience, skills, and relevant educational attainment and/or training. 

USA Benefits: Competitive salary; high quality healthcare; 401(k) with 6% employer match; FSA and supplemental insurance; paid parental leave; 20 days PTO with increase for time served; 7 days of sick time; 3 days paid volunteering; flexible lifestyle benefits (commuter plans, backup care, emergency leave and fitness/education reimbursement opportunities) 

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify AVEVA at [email protected]. Determinations on requests for reasonable accommodation will be made on a case-by-case basis. 
 
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.