Vulnerability Management Analyst at Moniepoint Inc.

Role Overview:

• We are seeking a motivated and detail-oriented  Vulnerability Management Engineer to join our Information Security team. This role is responsible for executing key functions across the vulnerability management lifecycle - from discovery and assessment to remediation tracking and reporting - to enhance the organization’s overall security posture.
• This is an entry-level role designed for candidates looking to build hands-on experience in vulnerability management, working closely with senior security engineers, IT teams, and product teams.

Key Responsibilities

Vulnerability Discovery and Assessment

• Execute and monitor periodic vulnerability scans across internal infrastructure and cloud platforms.
• Conduct periodic scans to support compliance requirements.
• Perform External Attack Surface Assessments on internet-facing assets.
• Assist in validating scan results and identifying false positives.

Analysis, Prioritization, and Reporting

• Analyze Vulnerability scan results to identify security gaps and potential threats.
• Prioritise Vulnerability scan report based on risk severity and business impact.
• Report findings to asset owners and relevant stakeholders for timely remediation.

Remediation and Tracking

• Collaborate with IT, System Administrators, and Product Teams to ensure vulnerabilities are remediated within defined Service Level Agreements (SLAs).
• Track remediation progress and follow up on outstanding vulnerabilities.
• Support implementation of mitigation strategies where immediate remediation is not possible.

Risk Management

• Assist in performing risk assessments related to identified vulnerabilities.
• Support documentation of risks and contribute to mitigation planning.
• Maintain awareness of evolving risk posture across systems.

Security Tools and Technologies

• Support the operation and maintenance of vulnerability management tools.
• Assist in scan configuration, execution, result interpretation and reporting.

Compliance and Standards

• Support vulnerability management activities aligned with standards such as PCI-DSS, ISO 27001, and NIST.
• Assist with audit preparation, including evidence gathering and documentations.
• Ensure scanning and remediation practices meet compliance requirements.

Reporting and Metrics

• Assist in creating dashboards and reports to visualize vulnerability trends, risk posture, and remediation performance.
• Maintain accurate records of vulnerabilities, remediation status, and scan history.
• Communicate findings clearly to both technical and non-technical stakeholders.
• Suggest improvements to scanning, reporting, and remediation workflows.

Support Incident Response & Threat Intelligence Units

• Assist in Incident Response tasks and post-incident analysis when needed.
• Assist in Threat Intelligence tasks from internal and external sources when needed.
• Track emerging threats, vulnerabilities, and tactics used by relevant threat actors.
• Contribute to threat briefings and recommendations for security controls.

Continuous Learning and Improvement

• Stay current with emerging vulnerabilities, threats, and cybersecurity trends.
• Participate in training, labs, and knowledge-sharing sessions.
• Continuously develop technical skills in security tools and methodologies.

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Good understanding of vulnerability management lifecycle, vulnerability scanning/patch management tools, SIEM, EDR, CSPM  is an advantage.
• Understanding of networking fundamentals, operating systems, and cloud concepts.
• Strong analytical and problem-solving skills.
• Ability to work collaboratively and willingness to learn.

Preferred (Nice to Have)

• Entry-level certifications such as CompTIA Security+, ISC2 (CC), BTL1, eJPT
• Familiarity with Linux/Windows environments and cloud platforms (AWS, or GCP).
• Hands-on lab, internship, or project experience in security operations or vulnerability assessment.