Position Summary
The Vulnerability Management / Incident Response Specialist is responsible for identifying, assessing, and mitigating security vulnerabilities, as well as responding to and remediating security incidents. This dual-focused role ensures the organization maintains a proactive security posture while effectively managing and containing security events. Specialists collaborate with IT, SOC, and security teams to reduce risk exposure and strengthen the organization’s overall security resilience.
Key Responsibilities
Vulnerability Management
- Conduct regular vulnerability scans on networks, systems, applications, and cloud environments using tools such as Qualys, Tenable, Rapid7, or Nexpose.
- Analyze scan results to identify critical vulnerabilities, misconfigurations, or exposures.
- Prioritize vulnerabilities based on risk, business impact, and exploitability.
- Collaborate with IT and application teams to remediate vulnerabilities and track resolution.
- Maintain documentation and reporting on vulnerability trends, metrics, and remediation progress.
Incident Response
- Respond to security incidents, including malware infections, unauthorized access, data breaches, and policy violations.
- Investigate alerts and anomalies from SIEM, endpoint protection, or other monitoring tools.
- Contain, mitigate, and remediate incidents according to defined incident response plans.
- Document incident findings, timelines, actions taken, and lessons learned.
- Participate in post-incident reviews and recommend improvements to controls and processes.
Threat Analysis & Risk Assessment
- Conduct root cause analysis to identify underlying vulnerabilities exploited during incidents.
- Monitor emerging threats, exploits, and attack vectors to proactively improve defenses.
- Provide actionable recommendations for security hardening and risk reduction.
Reporting & Collaboration
- Generate reports for management on vulnerability trends, incident metrics, and remediation effectiveness.
- Collaborate with SOC Analysts, SIEM Engineers, IT teams, and security leadership to address risks.
- Assist in compliance reporting for frameworks such as HIPAA, SOC 2, ISO 27001, and PCI DSS.
Continuous Improvement
- Maintain knowledge of industry best practices for vulnerability management and incident response.
- Recommend improvements to detection, monitoring, and response workflows.
- Participate in security projects, patch management planning, and system upgrades.
Qualifications
Required
- 3–5+ years of experience in vulnerability management, incident response, or cybersecurity operations.
- Familiarity with vulnerability scanning tools (Qualys, Nessus, Rapid7, Tenable) and remediation workflows.
- Knowledge of incident response frameworks, processes, and best practices.
- Understanding of networking, endpoints, servers, cloud environments, and common attack vectors.
- Strong analytical, investigative, and documentation skills.
Preferred
- Security certifications such as CISSP, CISM, GCIH, or CRISC.
- Experience with SIEM, EDR, or other threat monitoring platforms.
- Familiarity with scripting or automation for remediation or alert investigation.
- Experience in a SOC or Managed Security Services environment.
