Vulnerability Management Analyst

Position Description:

Title: Vulnerability Management Analyst L3
Location: Bangalore/Hyderabad/Chennai/Mumbai/Pune
Shift: European working hours
Skills: Cybersecurity, Vulnerability Management, Vulnerability Assessment, CVSS scoring system, Power BI, Proficiency in any scripting language

The Vulnerability Management Analyst L3 is a key member of the Vulnerability and Assurance Team as part of the Global Security Information Security & Architecture Center of Expertise, contributing to the development, enhancement, and delivery of CGI's Vulnerability Management Program. This role requires advanced cybersecurity expertise, including deep knowledge of networking fundamentals, modern threats and vulnerabilities, attack techniques, threat actors, and vulnerability management practices. The Analyst must be capable of conveying technical information clearly and effectively to non-technical business stakeholders, both verbally and in writing.
The individual will perform security assessments across various corporate and vendor solutions within the scope of CGI's Internal and Shared Services.
This role can be located in any CGI Office in the following locations: Europe or Asia
KEY RESPONSIBILITIES
Operations

. Provide expert analysis of vulnerabilities identified through scanning tools.
. Collaborate with global teams including security architecture, penetration testing, application development, and Risk Officers.
. Collect, evaluate, and classify threat indicators.
. Deliver security advisory services to business and project stakeholders, supporting risk remediation, documenting and tracking risks, and enabling risk-based decision making aligned with CGI's objectives.
. Review and define requirements for information security solutions.
. Develop and Maintain Vulnerability Management processes.

Vulnerability Management

. Monitor, identify, and assess security vulnerability advisories from multiple vendors.
. Prioritize discovered vulnerabilities and establish remediation timelines
. Work closely with team members to maintain documentation of vulnerability management procedures.
. Develop risk-based mitigation strategies for networks, operating systems, and applications
. Lead regular and ad-hoc vulnerability assessments, including analysis and validation.
. Collaborate with stakeholders and Red Team researchers to prioritize remediation and reduce attack exposure

Reporting

. Produce reports and recommendations based on vulnerability analysis.
. Prepare detailed management-level vulnerability reports.
. Track vulnerabilities and remediation outcomes to measure program effectiveness.
. Define and develop metrics to improve vulnerability management capabilities.

Service Management

. Partner with Global Security teams to configure baselines within assurance monitoring tools.
. Contribute to the enhancement of security and assurance monitoring tools as needed.
. Provide expert support on functional requests.
. Develop and maintain findings analysis for executive-level reporting.

EDUCATION

. Bachelor's degree (preferred): Cybersecurity, Computer Science, Information Systems, or a closely related technical field.
. Equivalent experience: Hands‑on work in vulnerability management, exposure management, threat analysis, or security engineering will be considered in place of a degree.
. Master's degree: A plus, not required.

CERTIFICATIONS (Preferred but not required)
Candidates with one or more relevant cybersecurity certifications are preferred. Examples include:

. Vulnerability Management & Threat Intelligence: GCVP, CySA+, GCTI
. General Security & Governance: CISSP, CCSP, CISM, CRISC
. Cloud Security: AWS Certified Security – Specialty; Microsoft Azure Security Engineer (AZ‑) or Security Operations Analyst (SC‑); Google Professional Cloud Security Engineer
. Offensive Security & Penetration Testing (Optional/Bonus): OSCP, GPEN, GXPN, GWAPT.

Equivalent practical experience in vulnerability assessment, exposure management, threat analysis, or security operations may substitute for formal certifications.
EXPERIENCE

. 5+ years of experience in cybersecurity, including at least 2+ years in vulnerability management.
. Hands-on experience with vulnerability management tools such as Rapid7, Qualys, Tenable, or similar scanning platforms.
. Experience in cloud vulnerability management
. Proficiency in one or more scripting languages (e.g., Python, PowerShell, Ruby).
. Understanding of advanced persistent threats (APT).
. Strong knowledge of application, network, and operating system security concepts.
. Experience with PowerBi or RSA Archer.
. Familiarity with CVSS scoring for vulnerability evaluation and prioritization.
. Knowledge of cyber security frameworks such as CIS Benchmarks and NIST.
. Strong understanding of cyber security and risk management best practices

KEY SKILLS AND COMPETENCIES

. Excellent written and verbal communication skills in English; French is an asset.
. Ability to produce high-quality technical reports and remediation guidance tailored to diverse audiences.
. Self-motivated, autonomous, and proactive.
. Proven ability to collaborate effectively with cross-functional and virtual teams.
. Willingness to travel internationally up to 10% as required.
. Detail-oriented, organized, and methodical with strong follow-up and analytical skills.
. Ability to quickly learn new technologies.
. Adaptability to dynamic and evolving environments.

Skills: