Sr. Vulnerability Analyst

• Analyze cyber defense policies, configurations, and evaluate compliance with organizational directives and relevant regulations.
• Maintain a deployable cyber defense audit toolkit (software and hardware) to support audit missions and stay up to date on applicable compliance documents.
• Prepare audit reports identifying technical and procedural findings, with recommended remediation strategies.
• Conduct both technical and nontechnical risk and vulnerability assessments across computing environments, infrastructure, networks, and applications.
• Review vulnerability data from sources like penetration tests and scans, assess risks to business assets, and support vulnerability remediation reporting.
• Improve and automate the vulnerability management lifecycle, including data ingestion, compliance metrics, and asset detection.
• Collaborate with technology teams and business stakeholders to implement protective security solutions and communicate risks with cost-effective recommendations.

Requirements

• BSc is a must, MSC is preferable.
• 2-4 years experience working within the information security field.
• Good communication skills (English, Arabic)
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• Proficient in preparation of reports, dashboards and documentation.