Role Overview
The Vulnerability & Patch Management Analyst is responsible for maintaining vulnerability scanning platforms, driving remediation efforts, managing patch deployment, and supporting incident response activities. The role requires strong analytical skills, technical expertise, and the ability to work collaboratively with support and engineering teams to improve the security posture of the organisation.
Key Responsibilities
Vulnerability Management
* Maintain and operate vulnerability scanning platforms to identify, analyse, and track security vulnerabilities.
* Apply a risk-based approach to prioritise remediation efforts.
* Partner with support and engineering teams to ensure timely resolution of identified issues.
* Develop and deliver reporting dashboards and insights to communicate remediation progress to stakeholders, including technical teams and leadership.
* Perform data correlation to identify patterns, trends, and areas of recurring risk, generating management information (MI) for wider distribution.
Security Incident Response
* Assist in managing high-priority vulnerability-related incidents.
* Coordinate with support teams to implement mitigation and remediation actions.
* Monitor daily security dashboards and generate weekly reports that track remediation progress across teams.
Qualys Patch Management
* Manage the deployment and validation of patches and updates to end-user systems using Qualys Patch Management (QPM).
* Monitor patch compliance across devices to ensure timely application of critical updates.
* Troubleshoot and resolve patching issues, working closely with stakeholders where required.
* Schedule patch windows and coordinate with end-users to minimise operational disruption.
* Develop scripts or adapt solutions for patches or fixes not available directly through QPM.
Skills and Experience
* Strong experience in vulnerability management, patch management, or related security operations.
* Proficiency with vulnerability scanning tools and dashboards, especially Qualys or similar platforms.
* Solid understanding of risk-based remediation, security controls, and incident management processes.
* Experience producing dashboards, reports, and management information for technical and non-technical stakeholders.
* Scripting capability (e.g., PowerShell, Python) for automating fixes or supporting patching processes.
* Strong communication, coordination, and problem-solving skills.