Vulnerability Analyst / Exposure Management Analyst

We're looking for a skilled consultant to join our client's team, focusing on enhancing security measures and ensuring effective vulnerability management across various entities. This role is pivotal in streamlining and coordinating vulnerability discovery, analysis, and remediation efforts, aimed at strengthening the overall cybersecurity posture.

Key Responsibilities

• Coordinate vulnerability discovery activities across multiple platforms and asset groups, ensuring onboarding of entities into the Group VM platform is progressing effectively.
• Work collaboratively with VM Tooling Engineers and outsourcing partners to validate asset coverage, scan quality, and data completeness, while identifying and addressing any blind spots.
• Assist entities with analyzing vulnerability findings through risk-based prioritization, translating technical information into actionable remediation priorities.
• Monitor remediation progress, track high-risk vulnerabilities, and escalate any blocked items through governance channels.
• Generate regular vulnerability and exposure reports for security leadership, providing clear management summaries on key risks and decision-making requirements.
• Act as the primary coordination point between various stakeholders, facilitating remediation meetings and promoting consistent working practices across the organization.
• Identify improvement opportunities within current processes and workflows, contributing to the evolution towards more automated and contextualized vulnerability management.

Profile of the Ideal Candidate

• A minimum of three years of experience in a similar role, with a strong background in vulnerability management and IT operations.
• Solid understanding of vulnerability scanning, asset discovery, and remediation workflows, along with familiarity with CVEs, CVSS, and exploitability metrics.
• Practical experience with tools such as Qualys, Tenable, Rapid7, or similar platforms.
• Experience working within federated, multi-entity environments is a significant advantage.
• Strong analytical capabilities with the ability to translate technical vulnerabilities into business-relevant risk priorities, alongside excellent coordination and stakeholder management skills.
• Proven ability to operate effectively without direct hierarchical authority, demonstrating persistence and an outcome-driven mindset.

Language Requirements

Fluency in English and Dutch is required to effectively communicate across the organization.