Vulnerability Management Analyst

<h3>Cybersecurity Vulnerability Management Analyst</h3><div><div><a href="https://himalayas.app/companies/sailpoint">SailPoint</a>’s Cybersecurity organization is seeking a Cybersecurity<br>Vulnerability Management Analyst with a passion for cybersecurity. This<br>role ensures the continuous discovery, accurate assessment, risk-based<br>prioritization, and successful remediation of vulnerabilities and<br>misconfigurations across all IT assets, directly reducing the organization's<br>exposure and maintaining regulatory compliance.<br></div><div>We are seeking a colleague with demonstrabletechnical expertise, strong<br>business acumen, and a proven track record of working in security<br>programs in complex environments. The ideal candidate will bepart ofthe<br>team securing <a href="https://himalayas.app/companies/sailpoint">SailPoint</a>’s production environments from misconfigurations<br>and software vulnerabilities, cross-functional collaboration, and ensuring<br>that products meet the highest standards of security, availability, and trust.<br></div><div>Our new Vulnerability Management Analyst will join a growing and capable<br>threat and vulnerability management team of both emerging and<br>established talent. They will embrace new challenges, and by being<br>their authentic self they will be a positive contributor to an already positive<p></p><h3>work culture and environment.</h3><div>This is a challenging and impactful role where you will have the opportunity<br>to work with a variety of stakeholders, including our fantastic colleagues in<br>IT, DevOps, Product engineering, Security engineering, and Compliance.<br>This role reports directly to the Head of Vulnerability Management and will<br>be remote. Candidae must go to Pune office once a quarter.<br></div><div>Key Requirements:<br>3-5 years experience, preferably in vulnerability management.<br>Strong engineering experience with cloud, containers, open-source<br>code, deployment and misconfigurations.<br>Intermediate experience with scripting languages (e.g., Python,<br>PowerShell) for automating data ingestion, reporting, or integrating<br>VM data into other security tools (SIEM/SOAR).<br>Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC,<br>GDPR) and providing evidence for compliance and audit needs.</div></div><div><div>Experience tracking trends and configure systems as required to<br>reduce false positives from true events.<br>Process Improvement: Drive continuous improvement in the efficiency<br>of vulnerability remediation through automation, ticketing system<br>integration (e.g., Jira), and process streamlining.<br>Influence & Collaboration – Demonstrable experience building strong<br>partnerships in a matrixed organization.<br>Technical– Intermediate understanding of product security issues<br>(like XXE, SSRF, Injections, etc.), modern software development (fully<br>automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure,<br>GCP, Containers, Kubernetes) architectures, particularly Amazon Web<br>Services, Kubernetes, and Docker.<br>Risk-Based Decision Making – Experience making informed decisions<br>through balancing business priorities, technical constraints, and risk<br>exposure.<br>Certifications like CISSP, CISA,CySA+, AWS Certs,or CCNSE, or<br>other relevant certifications are preferred.<br>If the candidate does not have the AWS Certified Cloud Practitioner or<br>AWS Certified Cloud Security – Specialty, they must take these<br>certifications within first year of employment.<br></div><div><b>Core Responsibilities:</b><br>Collaborating in the enterprise-wide product security and resilience<br>strategy, aligning with business goals and regulatory requirements.<br>Partnering with Dev/Ops, engineering, product management, and<br>infrastructure teams to integrate vulnerability management practices<br>into production environments.<br>Identifying risk in a production environment comprised of a<br>sophisticated SaaS architecture consisting of dozens of microservices<br>Maintain knowledge of the threat landscape for prioritization of<br>vulnerabilities, attack techniques, tool/exploit development, cyber<br>threat intelligence analysis and adversarial tactics.<br>Explaining risks, identifing dependencies, and facilitating the<br>remediation process by providing necessary details and context.<br>Enforce a prioritization framework that utilizes risk context beyond<br>standard CVSS scores, factoring in asset criticality, exposure to the<br>public internet, and internal threat intelligence (e.g., active<br>exploitation in the wild).<br>Drive the adoption of security automation, vulnerability management<br>with product teams.<br>Providing program performance reporting and metrics per business<br>unit and product.</div></div><div><div><b>First 30 Days</b><br>Learn the landscape, processes and technologies.<br>Complete all tooling platform specific training assigned.<br></div><div><b>60 Days</b><br>Take ownership of vulnerability analysis and reporting for a<br>designated environment<br>Establish communication and follow-up cadence with the remediation<br>teams<br>Identify and document an opportunity to improve the efficiency of the<br>current process<br></div><div><b>90 Days</b><br>Manage full lifecycle for all production environment<br>Collaborate with respective teams to address specific, frequent<br>occurring vulnerability, insecure coding, etc<br>Have deep understanding of all core technologies, environments and<br>our cloud architecture.<br>Contribute to the team internal knowledgebase on lessons learned</div></div><p><a href="https://himalayas.app/companies/sailpoint">SailPoint</a> is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.

Cybersecurity Vulnerability Management Analyst

Originally posted on Himalayas