Vulnerability Management Analyst

Cybersecurity | Vulnerability Management

We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced Vulnerability Management Analyst to take ownership of the end-to-end vulnerability management lifecycle across a complex enterprise environment.

This is a highly operational and business-critical role focused on transforming raw vulnerability data into measurable risk reduction. The successful candidate will act as the central coordination point between security tooling, infrastructure teams, cloud teams, application owners, and remediation stakeholders to ensure vulnerabilities are prioritised, tracked, governed, and resolved effectively.

The Role

You will be responsible for consolidating and managing vulnerability findings generated from multiple sources including Tenable, Rapid7, GitLab Secure, Prisma, and manual security assessments.

The role requires a strong understanding of vulnerability prioritisation, remediation coordination, SLA governance, reporting, and risk management, ensuring that critical findings are remediated efficiently and that leadership has clear visibility into the organisation’s security posture.

Key Responsibilities

• Consolidate vulnerability findings from multiple security platforms into a single prioritised remediation backlog
• Prioritise vulnerabilities using CVSS, EPSS, KEV catalog data, threat intelligence, exploitability, and asset criticality
• Assign findings to infrastructure, application, and cloud owners and track remediation activities through to closure
• Escalate overdue remediation items and ensure SLA adherence across teams
• Host weekly remediation and governance sessions with technical stakeholders
• Produce weekly and monthly vulnerability management reports including:
• Open vs closed findings
• Vulnerability aging analysis
• SLA adherence metrics
• Trend analysis
• Top recurring issues and offenders
• Manage exception workflows for vulnerabilities that cannot be remediated within agreed timelines
• Ensure all approved exceptions are documented, time-bound, and audit-ready
• Feed residual risks and unresolved findings into the enterprise Risk Register
• Support continuous improvement initiatives across vulnerability management processes and reporting

What We’re Looking For

Technical Experience

• Minimum 3+ years of hands-on vulnerability management experience
• Strong experience with:
• Tenable.sc
• Rapid7
• GitLab Secure
• Jira and/or ServiceNow
• Strong understanding of:
• Vulnerability prioritisation methodologies
• CVSS scoring
• EPSS
• CISA KEV catalog
• Threat intelligence-driven remediation
• Experience working across infrastructure, cloud, and application security environments
• Strong scripting and automation skills using Python, Bash, or PowerShell

Security & Governance Knowledge

• Familiarity with:
• NIST CSF 2.0
• ISO 27001
• MITRE ATT&CK
• UAE IA Regulation
• Understanding of remediation governance, exception handling, and audit readiness
• Experience managing security metrics, reporting, and SLA tracking

Certifications:

Relevant industry certifications are highly desirable, including:

• CISSP
• GCIH
• OSCP
• CCSP
• Vendor-specific certifications

Soft Skills:

• Excellent written and verbal communication skills
• Ability to engage effectively with both technical teams and senior leadership
• Strong organisational and stakeholder management capability
• High attention to detail with a proactive and accountable mindset

Key Objectives:

• Achieve and maintain remediation SLA targets across all severity levels
• Eliminate vulnerability backlog growth through effective remediation governance
• Provide leadership with a single, accurate source of truth for enterprise vulnerability posture
• Ensure all critical vulnerabilities are either remediated or formally exception-approved within defined timelines
• Build sustainable vulnerability management processes with measurable operational improvement

Salt is acting as an Employment Business in relation to this vacancy.