Description
My cleint is seeking a highly skilled Threat and Vulnerability Management (TVM) Consultant to join their team. In this role, you will be responsible for identifying, assessing, and prioritizing threats and vulnerabilities within our IT environment. You will work closely with stakeholders across the organization to deliver effective threat and vulnerability management solutions and ensure our systems are secure and compliant with industry standards. This role requires a strong technical foundation in cybersecurity, excellent analytical skills, and the ability to translate complex risk findings into actionable recommendations.
Key Responsibilities
• Vulnerability Assessment and Remediation
• Conduct vulnerability assessments across networks, applications, and endpoints.
• Use industry-standard tools (e.g., Tenable, Qualys, Rapid7) to scan and assess vulnerabilities and misconfigurations.
• Collaborate with IT and development teams to prioritize, track, and remediate identified vulnerabilities.
• Develop and enforce secure configuration standards to reduce overall vulnerability exposure.
• Threat Intelligence and Analysis
• Gather and analyze threat intelligence data from internal and external sources.
• Identify and assess emerging threats that may impact the organization’s assets, operations, or reputation.
• Collaborate with SOC teams to analyze threat data, conduct root cause analysis, and correlate findings.
• Risk Assessment and Management
• Perform risk assessments, analyzing the potential business impact of identified vulnerabilities and threats.
• Develop and deliver risk mitigation strategies to enhance security posture.
• Work with security teams to ensure compliance with regulatory standards, frameworks, and policies (e.g., NIST, CIS, ISO 27001).
• Reporting and Communication
• Prepare and present detailed vulnerability and risk assessment reports to both technical and non-technical stakeholders.
• Communicate risk findings, trends, and remediation status to executive leadership and relevant teams.
• Develop metrics and dashboards to monitor the effectiveness of threat and vulnerability management processes.
• Security Program Development
• Assist in the design, implementation, and continuous improvement of the threat and vulnerability management program.
• Establish processes and best practices for vulnerability identification, risk assessment, and mitigation.
• Provide guidance on secure software development practices and vulnerability management to cross-functional teams.
• Incident Response and Support
• Provide support during security incidents, participating in threat containment, eradication, and remediation activities.
• Collaborate with Incident Response (IR) and Security Operations Center (SOC) teams on vulnerability-based incidents.
Required Qualifications
• Education : Bachelor's degree in Computer Science, Information Security, or a related field. Relevant experience may be substituted for a degree.
• Experience :
• Minimum of [3-5] years of experience in Threat and Vulnerability Management, Information Security, or a related role.
• Hands-on experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
• Familiarity with threat intelligence tools and services (e.g., MISP, Anomali, ThreatConnect).
• Proficiency in using SIEM solutions and other security monitoring tools.
• Certifications (preferred): CISSP, CISM, CEH, OSCP, CompTIA Security+, GIAC certifications.