We have an urgent requirement for Vulnerability Management Specialist (Using Qualys & CVSSv3.1) with experience in banking domain is required for our banking clients in Abu Dhabi ,UAE
Conduct enterprise-wide vulnerability scans using Qualys.---Must Analyze and prioritize vulnerabilities using CVSS v3.1 scoring, exploitability, asset criticality, and business context--Must
Strong understanding of CVSS v3.1, CWE, OWASP Top 10, and risk-based vulnerability management.--Must
Job Summary
We are seeking a Vulnerability Management Specialist to lead the identification, assessment, and remediation tracking of security vulnerabilities across the bank’s enterprise environment. This role will own the end-to-end vulnerability lifecycle, from scanning and prioritization to executive reporting, ensuring risk reduction aligns with board-level risk appetite.
Key Responsibilities Vulnerability Scanning & Assessment:Conduct enterprise-wide vulnerability scans using Qualys. Perform regular authenticated and unauthenticated scans across infrastructure, applications, and cloud environments.
Risk-Based Prioritization:Analyze and prioritize vulnerabilities using CVSS v3.1 scoring, exploitability, asset criticality, and business context. Drive focus on high-risk exposures impacting critical banking systems.
Remediation Tracking & SLA Management:Maintain remediation SLA tracking dashboards for visibility into patching status and aging vulnerabilities. Follow up with IT and application owners to ensure timely closure within defined timelines.
Executive & Board-Level Reporting Prepare and present quarterly vulnerability posture reports for executive management and risk committees. Translate technical risk into business impact aligned with the board’s risk appetite.
Penetration Testing Coordination:Coordinate third-party and internal penetration testing exercises. Validate findings, track remediation, and ensure re-testing for closure.
Process & Tool Optimization:Enhance vulnerability management processes, reporting workflows, and Qualys platform configurations. Contribute to policy updates and KPI definition for continuous improvement.
Required Qualifications & Skills Experience:4+ years in enterprise vulnerability assessment, remediation tracking, and penetration test coordination. Tools: Hands-on expertise with Qualys VMDR is a must-have. Familiarity with Service Now VR, Tenable, or Rapid7 is a plus. Framework Knowledge: Strong understanding of CVSS v3.1, CWE, OWASP Top 10, and risk-based vulnerability management.
Analytical Skills: Ability to contextualize technical vulnerabilities with business risk and communicate impact to technical and non-technical stakeholders.
Reporting: Experience building dashboards and executive reports for senior leadership and board-level consumption. Certifications One of CISSP, Certified Ethical Hacker, OCSP(Anyone must)
Skills: vulnerability management,vulnerability,cvss