I10

Overview

Vulnerability Management Analyst supporting Income Insurances enterprise cybersecurity program. Responsible for identifying, assessing, and remediating security vulnerabilities across internal and external IT infrastructure, including web and mobile applications.

The role involves leveraging automated tools and manual techniques to detect security weaknesses, coordinating with system and application owners to ensure timely remediation, and maintaining proactive oversight of vulnerability management standards to strengthen cyber resilience.

This role sits within the IT Risk and Security Department, reporting to the Manager of Cyber Assurance.

Responsibilities

• Conduct vulnerability scanning and discovery, track remediation SLAs, and verify vulnerability fixes to support remediation efforts.

• Coordinate Vulnerability Assessment and Penetration Testing (VAPT) activities, including pre-engagement planning, vendor coordination, testing delivery, and post-testing follow-ups.

• Review and communicate VAPT findings with system and application owners, addressing queries and ensuring remediation actions are taken.

• Troubleshoot operational issues related to vulnerability assessments by liaising with internal teams and external vendors.

• Manage and support DevSecOps CI/CD application deployments to ensure compliance with Incomes DAST (Dynamic Application Security Testing) standards.

• Configure and troubleshoot DAST scans for newly onboarded applications.

• Monitor and maintain availability and health checks of vulnerability scanning systems and DAST platforms.

• Perform system administration of vulnerability management tools, including scanning agent verification, system health monitoring, and log extraction for investigations.

• Ensure configuration changes follow organizational security procedures and standards, including access management reviews and scanner hardening compliance.

• Generate weekly and monthly dashboards/metrics for VAPT activities and testing results for reporting to the HOD and management.

• Prepare quarterly vulnerability assessment reports and statistics for management review meetings.

• Support technical risk assessments and recommend mitigation strategies when vulnerabilities cannot be immediately remediated.

• Assist in continuous improvement initiatives for vulnerability management processes and procedures.

Requirements 

• 2–3 years of experience in vulnerability management, penetration testing, vulnerability assessment, or related cybersecurity roles.

• Background in application development, web technologies, and application security testing.

• Familiarity with penetration testing methodologies, tools, and procedures.

• Understanding of network and application security vulnerabilities, attack techniques, and threat identification methods.

• Professional certifications such as CEH, OSCP, BSCP, or CREST CRT are advantageous.

Technical Competencies 

Vulnerability & Security Tools

• Hands-on experience with vulnerability management tools such as TenableOne, Qualys, and Rapid7.

• Familiar with CVSS, EPSS scoring models, exploitability assessment, and remediation prioritization strategies.

Application Security 

• Strong knowledge of OWASP Top 10 vulnerabilities for web and mobile applications.

• Experience with penetration testing tools including:

  • Burp Suite

  • OWASP ZAP

  • Kali Linux

  • Packet capture and network analysis tools

  • Static source code analyzers

  • API testing tools (Postman, SoapUI)

  • Mobile security frameworks (MobSF, Frida)

Security Testing Methods

• Familiar with application security testing methodologies:

  • SAST (Static Application Security Testing)

  • DAST (Dynamic Application Security Testing)

  • SCA (Software Composition Analysis)

Programming / Scripting

Basic scripting or programming knowledge in:

• Python

• Java

• C

• JavaScript

• PowerShell

Additional Knowledge 

• Basic cloud security concepts

• Exposure to AI / LLM security considerations is a plus.