Vulnerability Management Senior Analyst

This is your opportunity to join AXIS Capital
– a trusted global provider of specialty lines insurance and reinsurance.

We stand apart for our outstanding client service, intelligent risk taking and superior risk adjusted returns for our shareholders.

We also proudly maintain an entrepreneurial, disciplined and ethical corporate culture.

As a member of AXIS, you join a team that is among the best in the industry.

At AXIS, we believe that we are only as strong as our people.

We strive to create an inclusive and welcoming culture where employees of all backgrounds and from all walks of life feel comfortable and empowered to be themselves.

This means that we bring our whole selves to work.

All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex, pregnancy, sexual orientation, gender identity or expression, national origin or ancestry, citizenship, physical or mental disability, age, marital status, civil union status, family or parental status, or any other characteristic protected by law.

Accommodation is available upon request for candidates taking part in the selection process.

Vulnerability Management Senior Analyst This position is a senior role within the vulnerability management team at AXIS Capital.

This role is for a leader who is driven by identifying, assessing, exploiting, and demonstrating the impacts of cybersecurity vulnerabilities in a complex and sophisticated environment.

This role will also lead the design and implementation of right-sized remediation or mitigation strategies and conduct validation activities.

This individual will provide direction and technical leadership in assuring that the vulnerability management program operates effectively and grows at pace with cyber threats and AXIS’ business environment.

This position will be directly responsible for operational aspects, technical vulnerability discovery, research, analysis, as well as a relationship building with teams across AXIS.

Lastly, this position will be accountable for providing key inputs to governance processes such as metrics, escalations, threat modeling, and risk management activities.

Responsibilities Drive and enhance capabilities and processes to rapidly identify and resolve vulnerabilities Continuously research and assess vulnerabilities in the context of the AXIS environment to inform prioritization Build collaborative relationships with business, application, and architecture teams to communicate vulnerability identification, criticality, risk, mitigation, and remediation activity Communicate vulnerability metrics, risks, and work with senior management stakeholders to continuously improve the practice Continuously identify areas of opportunity for risk reduction and increased operational effectiveness Oversee the expansion of vulnerability management capabilities across cloud environments, application security, penetration testing, and internal projects Assess risks associated with vulnerabilities and communicate risk management recommendations to senior leadership Manage onshore and offshore vulnerability management analysts and operate as a mentor to junior resources Maintain and enhance tooling used in daily operations Required Skills and Qualifications 2-5 years of hands-on experience operating or implementing vulnerability identification and reporting tools 2-5 years of hands-on experience identifying and exploiting network, infrastructure, and application vulnerabilities Undergraduate or equivalent degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering, or business information systems Demonstrate use of vulnerability criticality assessment frameworks (such as CVE or equivalent) to prioritize vulnerabilities for remediation Strong technical understanding of how vulnerabilities are introduced, how they can be identified, how they can be exploited, and how they are remediated or mitigated Demonstrate ability to communicate technically dense concepts to non-technical audiences Excellent verbal and written communication skills Demonstrates excellent functional leadership characteristics and is a strong collaborator Preferred Skills and Qualifications 1-5 years of functional leadership experience, experience in the military will also be considered One or more of the following / equivalent certifications: OSCP, OSCE, CISM, CISA, GXPN, GEVA, CVA Hands-on experience with building, operating, or maturing information assurance, vulnerability management and analysis programs Hands-on experience creating and operating bug bounty programs Ability to assess and communicate interplays between vulnerability criticality, business risk, and technology risks 1-5 years hands-on experience executing penetration tests Category Information Security Analysts Education Bachelor’s Degree Experience 2 to 5 years Job type Full time