Job Description

Job Title: Vulnerability Management Operations Analyst
Experience Level: Level 2 (3-5 years of experience)
Location: Montreal (Day 1 onboarding onsite / in office presence 3x week)
12 Months Contract Position
The candidate will be joining the global Vulnerability Management team within the Firm's Cyber Data Risk & Resilience organization. The role is an analyst position and will focus on the analysis of identified security vulnerabilities and coordination with technology teams to remediate and/or mitigate those findings.
Strong candidates need to be familiar with basic cybersecurity concepts, including the NIST NVD (CVE, CPE), CVSS scoring, and common attack vectors employed by threat actors. The analyst will manage findings identified by commercial cybersecurity tools (e.g., Qualys, Security Scorecard, Bitsight). Strong candidates need to be familiar with external scan findings from third party cyber security ratings agencies and comfortable escalating vulnerabilities and initiating requests for immediate remediation. Analyst will be expected to coordinate ad-hoc responses to inquiries from the Firm's CISO, Cyberlegal, and Cyber Threat Intelligence teams.
Desired Characteristics / Skills:
3-5 years of technology experience with time in a technology risk function
Strong understanding of vulnerabilities and following process and procedure
Understanding of network TCP/IP, web applications, technology components, interaction between layers and services for applications and infrastructure
Experience with an enterprise reporting platform (Power BI preferred)
Strong organizational, communication, and professional skills

Skills Required