1 to 25 of 485 Permanent Vulnerability Management Jobs

The Role: The Vulnerability Management Analyst is a global role within ION's central services division and will support the Group Security strategy and operational excellence through the identification, mitigation and remediation of information security vulnerabilities, misconfigurations and risks to the business. This role reports to the Vulnerability Management Manager who reports to the Global Head … of IT Security. As a member of the ION Security team, you will build and lead a team of Security professionals specialising in Vulnerability Management along with managing the partners and technology vendor deliverables and of course building and owning the strategy to deliver a world class Vulnerability Management program. The candidate must understand their role … in the broader vulnerability management program and your team will regularly perform discovery scanning, risk/exposure assessments, mitigation support activities, continuous validation assessments, and lessons learned workshops and improvement projects to continuously improve our process across Group Security and all other Verticals. We are looking for a diligent, dedicated, creative and motivated individual. Excellent communication skills are More ❯

threat and security posture situational awareness for the enterprise. This opportunity is in anticipation of a future contract award! What you'll be doing: Lead the design, implementation, and management of advanced cybersecurity solutions that protect critical systems and sensitive data. Serve as a technical authority, providing strategic direction and hands-on expertise in securing enterprise infrastructure, applications, and … foundation in various languages to create tools and techniques, perform code analysis, conduct code manipulation and develop coding solutions tailored to the area of need. Offensive development responsibilities include vulnerability research and analysis, reversing engineering threats to determine methods of exploitation, malware research, researching innovative tools and techniques, developing malicious payloads, and manipulating code execution. Defensive development responsibilities include … networks and net-centric capabilities, as well as detection of, identification of and response to attacks. Securing development environments and software through application security architecture software evaluations web application vulnerability assessment penetration testing and fuzzing, malware research and vulnerability mitigation. Work to achieve key project/program objectives and deliverables. Responsible for entire projects or processes spanning multiple More ❯

Board, other internal sub-Boards, and relevant stakeholders. Compliance and Assurance : Ensure ongoing compliance with ISO27001 certification requirements, including managing audits, reviews, and continual improvement of the Information Security Management System (ISMS). Stay abreast of and ensure adherence to regulations (e.g., GDPR, NIS2, DORA) and other relevant legal and contractual obligations, as well as application security standards. Risk … Management : Lead the information security risk management process, including identification, assessment, treatment, and monitoring of risks, with a particular emphasis on application security risks. Conduct regular risk assessments and vulnerability analyses of systems, applications, and infrastructure. Security Operations : Oversee the management of security technologies and controls, including but not limited to, firewalls, intrusion detection/prevention … systems, security information and event management (SIEM), data loss prevention (DLP), vulnerability management tools, and application security testing tools. Secure Software Development Lifecycle (SSDLC) : Integrate security best practices into the software development lifecycle. Work closely with development teams to ensure secure coding practices, conduct comprehensive security testing (e.g., penetration testing, vulnerability scanning, application security reviews), and More ❯

specifically responsible for completing the implementation of a number of strategic based security solutions for new security tooling or existing. The engineer will also participate in security related service management processes (incident, change and problem management) and will participate in the planning, design, enforcement and review of security controls which protect the integrity of the firm. Essential Duties … embed security-by-design principles into development processes. Conduct reviews of existing tools and processes, identifying gaps and implementing enhancements to strengthen our security posture. Perform security scanning and vulnerability management, taking proactive measures to reduce operational risks. Monitor security alerts and implement mitigations to safeguard against potential threats and attacks. Support Data Loss Prevention (DLP) solutions that … protect corporate data across platforms, devices, and environments globally. Monitoring and managing responses to the Security Incidents and Security DLP. Standard, third party and privilege Identity Access Management Operate, manage and improve HSM key management infrastructure. Remediation of external, internal vulnerabilities, web application scanning and patch compliance. Cyber Incident Management and or Security Forensic experience. Documenting High More ❯

from the firm's cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients' cyber risk management and incident response programmes. What you will do Reporting to the global Head of Cyber Defence, the Cyber Defence and Security Operations Manager is a key role within the … firm which is responsible for day-to-day management of the Cyber Defence and Security Operations Centre within their time-zone, EMEA & APAC. They will make sure that the firm can effectively monitor, analyse, and respond to cyber security events and incidents and will oversee a team of senior analysts and analysts, providing guidance and direction to protect the … teams in APAC, EMEA and US respectively, in line with our 24-7 follow-the-sun global model. Participate in security incident response exercises and training. Leadership and Team Management Assist the Head of Cyber Defence in managing a team of analysts and senior analysts in EMEA & APAC, providing operational direction, performance management, and training. Provide structured mentorship More ❯

partnering with customers to go beyond expectations through the power of cutting-edge technology and expert teams.Our deep expertise in cloud, data and AI, application modernisation, and service delivery management has redefined businesses globally, helping shape the future for large public sector organisations and major global, private brands. We put users and user-centric design at the heart of … Services Practice: Services Reliability Group Vetting Requirements: SC Clearance/CTC Clearance level is mandatory. Role Summary: Our ASPIRE Global Service Centre is the central hub of our Service Management operations. Beyond a traditional Service Desk, it stands as the central authority and shared service delivery hub, orchestrating all operational workflows, processes, procedures, and tooling. Its a core delivery … we utilise the best digital capabilities of the ServiceNow ITSM tooling product to provide the very best Experience to our Customers. We are seeking an experienced and results-driven Vulnerability & Security Compliance Lead who plays a critical role in ensuring the security and reliability of our customers IT infrastructure. This role is responsible for leading efforts to identify, assess More ❯

partnering with customers to go beyond expectations through the power of cutting-edge technology and expert teams.Our deep expertise in cloud, data and AI, application modernisation, and service delivery management has redefined businesses globally, helping shape the future for large public sector organisations and major global, private brands. We put users and user-centric design at the heart of … Services Practice: Services Reliability Group Vetting Requirements: SC Clearance/CTC Clearance level is mandatory. Role Summary: Our ASPIRE Global Service Centre is the central hub of our Service Management operations. Beyond a traditional Service Desk, it stands as the central authority and shared service delivery hub, orchestrating all operational workflows, processes, procedures, and tooling. Its a core delivery … we utilise the best digital capabilities of the ServiceNow ITSM tooling product to provide the very best Experience to our Customers. We are seeking an experienced and results-driven Vulnerability & Security Compliance Lead who plays a critical role in ensuring the security and reliability of our customers IT infrastructure. This role is responsible for leading efforts to identify, assess More ❯

requirements. The ISSM will assist in the development of procedures and runbooks; act as the subject matter expert in a variety of cybersecurity domains such as Identity and Access Management, Vulnerability Management, Endpoint Protection, Incident Response activities, etc.; and will provide tier two production support for responsible solutions. How you'll make an impact Develop, administer, and … in new solutions. Research and evaluate the impact of new vulnerabilities, security alerts and threat intelligence bulletins. Participate in threat hunting and incident response events. Lead third-party risk management tasks such as conducting risk assessments for vendors and services. Build and maintain relationships with key customer's technical staff members and with internal stakeholders from IT, customer service … and field operations. Share experience, knowledge, and ideas with management and co-workers to maintain a kind and respectful team-based environment. Promote a corporate culture that is committed to information security best practices. Participate in after-hours support, as needed, to respond to critical security incidents. Function with a high degree of integrity with an ability to keep More ❯

respond to security incidents, conducting investigations and implementing corrective actions.- Collaborate with IT and other departments to ensure the security of network infrastructure and data.- Manage risk assessments and vulnerability assessments to identify potential security threats.- Oversee the implementation of security measures such as firewalls, intrusion detection systems, and data encryption technologies.- Provide training and guidance to staff on … Qualifications:**- Bachelor's degree in Information Security, Computer Science, or a related field.- Professional certifications such as CISSP, CISM, or ISO 27001 Lead Auditor.- Proven experience in information security management and conducting security audits.- Strong knowledge of information security frameworks and standards.- Excellent analytical and problem-solving skills.- Strong communication and interpersonal skills.**Preferred Qualifications:**- Experience with regulatory compliance … MCSE- Microsoft Certified Solution Expert; MCITP-Microsoft Certified IT Professional; VMware Certified Professional;CCNA/CCNP Experience with security tools and technologies such as intrusion detection systems, SIEM, and vulnerability management tools. Familiarity with regulatory requirements and industry standards related to IT security. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business More ❯

activities, including incident monitoring and response. How will you make an impact? Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes. Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits. Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness … of compliance processes. Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions. Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings. External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence. Security Monitoring: Use tools such as … and implementing recommendations to improve the security posture. Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives. Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams. Have you got what it takes? Strong expertise in audit and compliance More ❯

and Law Enforcement cybersecurity regulations, including RMF, NIST 800-53, and FISMA. Develop, implement, and enforce IA policies, security guidelines, and best practices to safeguard IT systems. Oversee patch management, system hardening, and vulnerability scanning to maintain compliance. Conduct regular audits, risk assessments, and security control evaluations to identify gaps and recommend improvements. Generate compliance reports, incident summaries … and vulnerability assessment findings for Federal stakeholders. Vulnerability Management & Network Security Oversee the configuration, maintenance, and administration of network security appliances. Perform penetration testing, vulnerability scanning, and remediation efforts to identify and address security weaknesses. Maintain up-to-date knowledge of cyber threats, attack vectors, and security technologies to enhance defensive strategies. Implement intrusion prevention measures … years of experience as a Tier-2+ Cybersecurity Operations Lead in a DoD, DOE, or Law Enforcement environment. Minimum 3 years of experience in information security operations, incident analysis, vulnerability management, intrusion detection, and system patching. 10+ years (MA/MS) or 12+ years (BA/BS) in information security and cybersecurity operations. Strong expertise in TCP/ More ❯

secure network architectures. Monitor network traffic for suspicious activity and respond to security incidents. Conduct regular network security assessments and audits to ensure compliance with security policies and standards. Vulnerability Analysis: Conduct regular vulnerability assessments and penetration testing to identify and mitigate security risks. Develop and implement strategies to address vulnerabilities. Track and report on the status of … are properly configured and updated. Evaluate and recommend new security tools and technologies to enhance security operations. Documentation: Create and maintain detailed documentation of security incidents, forensic analysis, and vulnerability assessments. Prepare reports for management and stakeholders. Collaboration: Work closely with other IT and Digital teams to ensure comprehensive security coverage. Provide security guidance to projects and programs … solutions. Network Security: Strong understanding of network protocols, VPNs, and network security architecture. Incident Response: Ability to detect, analyse, and respond to security incidents, including forensics and malware analysis. Vulnerability Management: Experience in identifying, assessing, and mitigating vulnerabilities in systems and applications. Automation: Skills in scripting and automation for security tasks (e.g. Python, PowerShell). Information Security Frameworks More ❯

infrastructure. You'll be hands-on, designing, implementing, and managing top-notch security solutions across all our cloud environments. You'll also play a key part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident … management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities for the business. Driving Automation: You'll push for security automation wherever possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion … security, including firewalls, WAF, anti-virus, and O365 compliance & security centre. Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR. Experience operating and managing SIEM solutions, vulnerability management tools, and secure configuration tooling. Ability to use PowerShell and Python scripting for security automation. Experience working in or with agile and/or SecOps oriented teams. More ❯

infrastructure. You'll be hands-on, designing, implementing, and managing top-notch security solutions across all our cloud environments. You'll also play a key part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident … management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities for the business. Driving Automation: You'll push for security automation wherever possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion … firewalls, WAF, anti-virus, and O365 compliance & security centre . Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR . Experience operating and managing SIEM solutions , vulnerability management tools, and secure configuration tooling. Ability to use PowerShell and Python scripting for security automation. Experience working in or with agile and/or SecOps oriented teams More ❯

CaptivateIQ is the leading Sales Performance Management solution, recognized by Forrester and G2, and trusted by customers including Affirm, Gong, and Figma. With solutions for Sales Planning and Incentives, we help revenue teams automate processes, hit revenue targets, and adapt with business change, ultimately driving efficient growth. It's time to rethink ROI - your return on incentives - with CaptivateIQ. … and remediate application and cloud security vulnerabilities (e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws). Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications. Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE … tooling (e.g., Burp Suite, ZAP, Amass, Nmap). Assess and mitigate static (SAST) and dynamic (DAST) vulnerabilities across services and components. Evaluate, implement, and maintain security tooling to support vulnerability management, secure development, and event detection workflows. Define and track metrics related to application security, vulnerability remediation, detection coverage, and incident response effectiveness. Support compliance initiatives (e.g. More ❯

2+ years of experience as a Cybersecurity Analyst, Information Security Analyst, or in a related security role Experience with security monitoring tools, such as SIEM, firewalls, antivirus software, and vulnerability management tools Experience with security frameworks and regulations, such as NIST, ISO 27001, PCI-DSS, and GDPR Experience with vulnerability scanning and penetration testing tools such as More ❯

Mission Partner Capabilities Office (MPCO) also known as SAF/CDMX Directorate. The Mission Partner Capabilities Office provides design, configuration, accreditation and implementation of mission and R&D information management systems and cloud-based solutions that support defense and intelligence priorities as well as internal business processes and mission functions, network communications, database management, security accreditation, and workflow … such that the ISSE is responsible for compliance-based cybersecurity engineering to include but not limited to cybersecurity engineering and generation of body of evidence requirements per DoD Risk Management Framework (RMF). Additionally, the ISSE shall provide management and professional support, assistance, advice, to support the efficient and effective management and operation of the organization, activities … to: • Provide expertise and recommendations in applying security requirements to complex combatant command projects, identifying gaps, and while integrating new technologies. • Develop secure system architectures and hardening solutions. • Conduct vulnerability assessments, security testing, and continuous monitoring. • Implement security controls per RMF and NIST guidelines. • Support risk assessments and incident response efforts. • Ensure security policies and best practices are integrated More ❯

locations in Arlington, VA. The Cybersecurity Engineer will be responsible for securing enterprise systems, monitoring for threats, and ensuring compliance with federal cybersecurity regulations. You will support ISSO functions, vulnerability management, DevSecOps integration, and audit readiness across domestic and overseas OBO environments. KEY RESPONSIBILITIES: Security Operations and Monitoring: Identify and respond to threats across the OBO enterprise using … like Splunk, Tanium, and Sentinel. Monitor event logs and perform incident response in line with Department of State standards. Conduct classified spillage containment, forensics, and reporting procedures as required. Vulnerability Assessment and Remediation: Perform vulnerability scans and penetration testing using Nessus, Metasploit, and Wireshark. Document and remediate security findings through POAandMs and system configuration changes. Ensure compliance with … DevSecOps pipelines and work collaboratively with engineers to secure new application builds, infrastructure-as-code deployments, and cloud configurations across AWS, Azure, and Google platforms. Policy Compliance and Risk Management: Support Certification and Accreditation (CandA) and Continuous Authorization (CA) activities in alignment with NIST RMF. Develop and maintain documentation such as System Security Plans (SSP), Security Assessment Reports (SAR More ❯

Security Lead In summary the Client is looking to recruit an all-round individual with expert knowledge and hands-on experience of IT Infrastructure coupled with Security, Compliance & Risk Management You must have upwards of 10 years hands-on expertise in IT Infrastructure combined with Security and Risk - ideally from within the banking or insurance sector. The IT Operational … environment. While Microsoft technologies (Microsoft 365, Azure, Exchange Online) form a core part of the infrastructure, the role also encompasses broader enterprise IT systems, multi layered networking, security, data management, and third-party platforms that support global business operations and the associated applications estate. The role requires a proactive leader who can drive IT operational excellence, manage security risks … technically augment the team capabilities (when required) and have a detailed knowledge of technical IT support roles/services as a requirement, across multiple technical areas. Security, Compliance & Risk Management • Define and enforce cloud security policies, identity management, and access controls to protect systems, networks, and data. • Oversee the adoption of zero-trust security principles to enhance protection More ❯

GEMINI INDUSTRIES INC. provides technical, management and operations services to support National Security projects. We provide rapid response to the critical needs of our customers and those they serve. We perform analyses and develop operations plans to anticipate and prepare for the future. And we deliver advanced technology to improve our customer's success in executing its mission. Gemini … days and exceed requirements within 90 days. Responsibilities: The Senior Information Systems Security Engineer (SME) will directly support the Secretary of the Air Force (SAF)/Concept Development Management Office (CDM)/(CDMM) Mission Architecture Innovation Directorate. The Mission Architecture Innovation Directorate provides design, configuration, accreditation and implementation of mission and R&D information management systems and cloud … based solutions that support defense and intelligence priorities as well as internal business processes and mission functions, network communications, database management, security accreditation, and workflow management. The Information Systems Security Engineer (ISSE) (SME) is responsible for designing, implementing, and maintaining security controls to protect the organization's information systems in accordance with Department of Defense (DoD) requirements. This role More ❯

Implement Security Measures: Develop and implement cybersecurity architectures and defense strategies for complex hardware/software systems, ensuring compliance with RMF, NIST, and other DoD cybersecurity standards. Risk Assessment & Vulnerability Management: Conduct thorough cybersecurity assessments, identifying vulnerabilities and proposing effective mitigation strategies to safeguard systems and data. Incident Response: Lead the identification, analysis, and resolution of cybersecurity incidents … while ensuring timely reporting and documentation in compliance with government standards. Security Testing & Audits: Perform security testing, penetration testing, and vulnerability assessments on software and hardware systems to identify weaknesses before adversaries can exploit them. Collaboration with Cross-Functional Teams: Work closely with engineering, operations, and other technical teams to integrate security practices into the development and deployment of … of Top-Secret clearance with the ability to obtain TS/SCI. The candidate must maintain the clearance. Cybersecurity Frameworks: Extensive experience with DoD cybersecurity standards, including RMF (Risk Management Framework) and NIST cybersecurity standards. Security Architecture: Strong knowledge of designing secure architectures for hardware/software-in-the-loop systems, cloud-based systems, and cross-domain data communications. More ❯

security alerts from various tools such as WAF, SIEM, IDS/IPS, firewalls, and endpoint protection platforms. Investigate and respond to security incidents, including containment, eradication, and recovery. Conduct vulnerability assessments and coordinate remediation efforts. Perform threat hunting and behavioural analysis using threat intelligence and analytics tools. Maintain and tune security tools, detection rules, and automation scripts. Support compliance … initiatives (e.g., ISO 27001, NIST, GDPR). Document incidents, procedures, and technical findings clearly and accurately. Ensure timely management and resolution of tickets, both internal/partner and third-party suppliers. Remain up to date with the latest security threats, trends, and technologies. Skill Requirements: Microsoft Defender Extended Detection &Response (XDR): Familiarity with Microsoft Security Portfolio of products. Network … Security: Understanding of TCP/IP, DNS, VPNs, firewalls, and packet analysis (e.g., Wireshark). Threat Intelligence: Use of platforms like MISP, Recorded Future, or ThreatConnect. Vulnerability Management: Experience with tools like Tenable Nessus, Qualys. Scripting &Automation: Proficiency in Python, PowerShell, or Bash for automating security tasks. Cloud Security: Knowledge of MS Azure. Privileged/Identity& Access Management More ❯

security certifications (e.g., AWS Security, Azure Security Engineer) are a plus. Experience Required: Hands-on experience with SIEM, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and vulnerability management tools. Solid understanding of TCI/IP, network protocols, firewalls, and encryption technologies. Familiarity with security compliance standards such as NIST, FISMA, FedRAMP, HIPAA, or DoD 8500.01. … . Knowledge of common attach vectors, threat modeling, and defense-in-depth strategies. Skill in monitoring, analyzing, and responding to security events using SIEM and logging tools. Skill in vulnerability analysis, patch management, and coordination of remediation efforts. Skill in documenting incidents, tracking metrics, and maintaining compliance evidence. Ability to interpret technical data and communicate security risks clearly More ❯

for tomorrow. At Allianz Global Investors we foster a culture of professionalism, fulfilment, and an inclusive working environment. Do you want to be part of a leading active asset management company? Then join us now! This position sits within the Core IT Services department, which provides an IT infrastructure platform for the business. The team has two primary focuses … close alignment with our global Information Security team Act as a point of contact to third-party(-ies), service providers as well as within the Core IT Services, Risk Management, Enterprise Architecture, IT Support/Workplace, IT Compliance, Information Security, Business Resilience, Procurement, Finance and other cross-functions What you bring Required Hands-on experience implementing, managing, and improving …/IDS, WAF, EDR, etc., experience with the Microsoft Security Suite is ideal Deep technical expertise and relevant experience in security operations (threat intelligence, security monitoring, incident/crisis management, vulnerability management and security engineering), with the ability to run consistent global operations across these areas Hands-on experience responding to incidents, including use of various response More ❯

and Security functions are central to this position, leading a team of specialist engineers to maintain the secure operation of services and contributing to major projects that impact identity management across the organisation. The post holder also serves as a technical authority within the team and department. What you'll need to succeed Security Operations & Incident Response Lead security … operations services, including monitoring, incident response, threat management, and intrusion detection, using both internal and external resources. Manage the outsourced 24/7 security operations service. Lead the organisation's response to security incidents, coordinating recovery efforts with internal teams and vendors. Establish and manage threat intelligence processes to ensure timely remediation of vulnerabilities. Monitor and analyse performance metrics … to support security troubleshooting and continuous improvement. Identity & Access Management Provide expert technical leadership for identity and access management, ensuring secure, high-performing services aligned with SLAs. Oversee day-to-day monitoring and maintenance of identity services, ensuring reliability and user demand readiness. Shape and deliver a strategic roadmap for identity services, focusing on automation and proactive improvements. More ❯