Vulnerability/Threat Management Analyst

The Vulnerability/Threat Management Analyst identifies and manages weaknesses and cyber threats in networks and software and then takes measures to correct and strengthen security within the system.

Role overview

Vulnerability/Threat Management Analysts are responsible for maintaining all vulnerability or threat management solutions, ensuring that all assets and systems are scanned for vulnerabilities regularly. They then need to bring any findings to the attention of the business while working within the cybersecurity department to prioritize and remediate threats.

Threat Management Analysts

may also be referred to as:

Cloud Security Threat Management Engineer

Cybersecurity Threat Engineer

Cybersecurity Threat Specialist

Cyber Threat Assessor

Cyber Threat Engineer

Cybersecurity Threat Analyst

Cybersecurity Vulnerability Analyst

Cybersecurity Vulnerability Assessor

Security Threat Coordinator

Threat And Vulnerability Engineer

Threat And Vulnerability Management Analyst

Threat And Vulnerability Management Intern

Threat And Vulnerability Manager

Vulnerability Analyst

Vulnerability Management Administrator

Vulnerability Management Analyst

Vulnerability Manager

Career Path

Map your career path by understanding role relationships

Average Salary

Based upon experience, salary for this role ranges from:

$123,300

National Average

$136,650

$150,000

* based upon those with two plus years of cybersecurity experience

Responsibilities

• Operating the vulnerability scanning tool set, including Nexpose and Tenable.

• Improving business-wide knowledge and understanding of emerging threats.

• Reviewing and analyzing vulnerability data to identify trends and patterns.

• Advising employees responsible for remediation on the best reduction and remediation practices.

• Influencing the development of vulnerability management standards and security policies.

• Operating vulnerability management processes, suggesting applicable change controls, and security exceptions.

• Designing and implementing vulnerability reporting and monitoring solutions.

• Maintaining and updating process guides and assisting with reporting to leadership and service stakeholders.

• Assisting and supporting the manager in incident handling/investigations.

• Performing risk-based technical assessments on technical vulnerabilities.

Tools & Environment

Vulnerability or Threat Management Analysts use various tools associated with vulnerability management, such as Qualys, Kenna, Microsoft Defender ATP, and ServiceNow. They also work with various public cloud infrastructures, scripting languages, and reporting tools.

Certifications

Category	Organization	Certification
Defense	(ISC)2	CISSP-ISSEP
Defense	(ISC)2	SSCP
Defense	(ISC)2	CCSP
Defense	(ISC)2	CAP
Defense	Alibaba	ACA
Defense	Alibaba	ACP
Defense	Alibaba	ACE
Defense	AWS	Certified Security
Defense	CertNexus	ITS
Defense	Check Point	CCSA
Defense	Check Point	CCSE
Defense	Cisco	CCNA Security
Defense	Cisco	CCNP Security
Defense	Cisco	CCIE Security
Defense	Cisco	CCNA CyberOps
Defense	Cloud Credential Council	PCSM
Defense	CompTIA	Security+
Defense	CompTIA	CySA+
Defense	CompTIA	CASP
Defense	CREST	CCWS
Defense	CREST	CPTIA
Defense	CREST	CRTIA
Defense	CREST	CCTIM
Defense	CREST	CPIA
Defense	CREST	CRIA
Defense	CREST	CCNIA
Defense	CREST	CCHIA
Defense	CREST	CCMRE
Defense	CSA	CCSK
Defense	EC-Council	CND
Defense	EC-Council	EDRP
Defense	EC-Council	CTIA
Defense	EC-Council	CSA
Defense	EC-Council	ECSS
Defense	EITCI	EITCA/IS
Defense	eLearnSecurity	eNDP
Defense	eLearnSecurity	eCRE
Defense	eLearnSecurity	eCTHP
Defense	EXIN	CIT-F
Defense	Fortinet	NSE 4
Defense	Fortinet	NSE 5
Defense	Fortinet	NSE 6
Defense	Fortinet	NSE 7
Defense	Fortinet	NSE 8
Defense	GAQM	CISP
Defense	GIAC	GSEC
Defense	GIAC	GCIA
Defense	GIAC	GISF
Defense	GIAC	GCED
Defense	GIAC	GCWN
Defense	GIAC	GPPA
Defense	GIAC	GMON
Defense	GIAC	GCCC
Defense	GIAC	GCUX
Defense	GIAC	GDAT
Defense	GIAC	GMOB
Defense	GIAC	GAWN
Defense	GIAC	GREM
Defense	GIAC	GCTI
Defense	GIAC	GISP
Defense	GIAC	GWEB
Defense	GIAC	GICSP
Defense	GIAC	GRID
Defense	GIAC	GCIP
Defense	GIAC	GEVA
Defense	GIAC	GOSI
Defense	GIAC	GCSA
Defense	Google	PCSE
Defense	HISPI	HISP
Defense	IACRB	CDRP
Defense	IACRB	CEREA
Defense	IACRB	CREA
Defense	IACRB	CSSA
Defense	IBITGQ	C CR P
Defense	IBITGQ	CITGP
Defense	IBITGQ	C CS F
Defense	ISACA	CSX-F
Defense	ISACA	CSX-T
Defense	ISACA	CSX-P
Defense	ISECOM	OPSA
Defense	ISECOM	OPSE
Defense	Juniper	JNCIA-SEC
Defense	Juniper	JNCIS-SEC
Defense	Juniper	JNCIP-SEC
Defense	Juniper	JNCIE-SEC
Defense	Juniper	JNCDS-SEC
Defense	Lunarline	CECS
Defense	Lunarline	CESA
Defense	McAfee Institute	CCII
Defense	McAfee Institute	CCIP
Defense	McAfee Institute	CSMIE
Defense	McAfee Institute	SMIA
Defense	McAfee Institute	CCTA
Defense	McAfee Institute	C\|OSINT
Defense	Microsoft	AZ-500
Defense	Mile2	C)SA2
Defense	Mile2	C)SP
Defense	Mile2	IS20
Defense	Mile2	C)VA
Defense	Mile2	C)DRE
Defense	Mile2	C)VCP
Defense	Mile2	C)VE
Defense	Mile2	C)CSO
Defense	Mile2	C)VSE
Defense	Mile2	C)ISS
Defense	Palo Alto	PCCSA
Defense	Palo Alto	PCNSA
Defense	Palo Alto	PCNSE
Defense	Redhat	EX415
Defense	Redhat	EX425
Defense	SECO-Institute	S-ISF
Defense	SECO-Institute	S-ISP
Defense	SECO-Institute	S-ITSF
Defense	SECO-Institute	S-ITSP
Defense	SECO-Institute	S-ITSE
Defense	SECO-Institute	S-DWF
Defense	Symantec	250-215
Defense	Symantec	250-420
Defense	Symantec	250-426
Defense	Symantec	250-428
Defense	Symantec	250-430
Defense	Symantec	250-433
Defense	Symantec	250-438
Defense	Symantec	250-440
Defense	Symantec	250-441
Defense	Symantec	251/250-443
Defense	Symantec	250-444
Defense	Symantec	250-445
Defense	Symantec	251/250-446
Defense	Symantec	251/250-447
Defense	Symantec	251/250-551
Defense	Symantec	250-556
	Organization