Vulnerability Management Analyst
12-Month Contract - Abu Dhabi
We are currently looking for an experienced Vulnerability Management Analyst to join a large-scale cybersecurity programme focused on strengthening enterprise-wide vulnerability management and remediation processes.
This role will take ownership of the end-to-end vulnerability management lifecycle, ensuring security findings are effectively prioritized, tracked, remediated, and reported across infrastructure, cloud, and application environments.
You will act as the critical link between security tooling and remediation teams, helping ensure vulnerabilities are translated into measurable risk reduction rather than operational noise.
Key Responsibilities
- Consolidate vulnerability findings from multiple platforms into a single prioritized remediation backlog
- Manage vulnerabilities across platforms including Tenable.sc, Rapid7, GitLab Secure, Prisma, and manual assessments
- Prioritize findings using CVSS, EPSS, KEV catalog, asset criticality, and threat intelligence
- Coordinate directly with infrastructure, cloud, and application owners to drive remediation activities
- Track remediation progress through Jira and/or ServiceNow workflows
- Escalate overdue findings and ensure remediation SLAs are met
- Lead weekly remediation and vulnerability review sessions with technical stakeholders
- Manage vulnerability exceptions and ensure appropriate governance and audit traceability
- Produce weekly and monthly vulnerability management reports, including:
  - SLA adherence
  - Aging analysis
  - Open vs closed trends
  - Top offenders
  - Risk posture reporting
- Feed residual risks and accepted exceptions into the enterprise Risk Register
Environment & Tooling
- Tenable.sc
- Rapid7
- GitLab Secure
- Prisma
- Jira / ServiceNow
- Threat intelligence and vulnerability prioritization frameworks
What We're Looking For
- 3+ years of hands-on experience within Vulnerability Management or Security Operations
- Strong understanding of vulnerability remediation lifecycles and security risk prioritization
- Experience working with enterprise vulnerability scanning platforms and ticketing systems
- Knowledge of:
  - CVSS
  - EPSS
  - MITRE ATT&CK
  - KEV Catalog
  - Threat intelligence workflows
- Strong reporting and stakeholder management capabilities
- Experience working within enterprise security frameworks including:
  - NIST CSF 2.0
  - ISO 27001
  - CIS Controls
  - UAE IA Regulation
- Scripting or automation experience with Python, Bash, or PowerShell is highly desirable
Relevant industry certifications are highly advantageous, including:
- CISSP
- OSCP
- GCIH
- CCSP
- Vendor-specific certifications
Please apply to be contacted with further information.