
IS Analyst- Vulnerability Management
Milliman · Gurgaon, Haryana, India
- Hybrid
- Full-time
- $110,000 / year
Job highlights
- Analyze vulnerabilities using industry tools.
- Coordinate remediation with IT and development.
- Develop security policies and procedures.
- Monitor threat intelligence and assess impact.
- Report on vulnerability trends and progress.
About the role
Information Security Analyst - Vulnerability Management
Milliman is seeking an Information Security Analyst specializing in Vulnerability Management to join their GCS IS team. This role is crucial for contributing to physical and technical information security best practices, and will involve consulting with local offices to implement network and application security procedures. The position reports to the Information Security Manager in India.
Duties and Responsibilities
- Act as a key member of the GCS IS Ethical Hacking & Data Protection Team.
- Conduct regular vulnerability assessments using industry-standard tools such as Qualys and Nessus.
- Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with IT and development teams.
- Maintain and improve the vulnerability management lifecycle, encompassing scanning, reporting, tracking, and verification.
- Monitor threat intelligence feeds and correlate internal findings to assess potential impact.
- Develop and maintain dashboards and metrics to report on vulnerability trends and remediation progress.
- Assist in the development and enforcement of security policies, standards, and procedures.
- Stay updated on information security threats and countermeasures, advising technical staff accordingly.
- Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain.
Required Skills & Attributes
- Experience with vulnerability management tools like Qualys VMDR, Cloud Agents, and Nessus Professional.
- Demonstrated skills in the Vulnerability Management lifecycle, including vulnerability scanning, remediation, and validation.
- Proficiency with vulnerability scanning tools and interpreting CVSS scores.
- Strong knowledge of operating systems (Windows, Linux), networking, and cloud environments (Azure, AWS).
- Understanding of how to scan cloud service environments (Azure, AWS).
- Strong English verbal and written communication skills, with the ability to clearly document and communicate vulnerabilities to network administrators, asset owners, and key stakeholders.
- Strong ability to work effectively in a team and collaborate across multiple time zones.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 5+ years of experience in vulnerability management or a related cybersecurity role.
- Familiarity with regulatory and compliance frameworks such as ISO 27001, NIST, and PCI-DSS.
Preferred Skills & Attributes
- One or more relevant certifications (e.g., CISSP, CEH, CompTIA Security+, Qualys VMDR).
- Ability to interpret information security data and processes to identify potential compliance issues.
- Strong decision-making and problem-solving skills, with the ability to clearly define and resolve issues.
- Assertive and proactive in identifying and resolving issues and concerns.
- Excellent time management skills, including the ability to prepare, prioritize, and complete work plans.
- Ability to work with geographically diverse offices in a global organization, with a willingness to work offset hours occasionally to accommodate time zones.
Key Skills/Competency
- Vulnerability Management
- Ethical Hacking
- Data Protection
- Qualys
- Nessus
- CVSS
- Network Security
- Cloud Security
- Incident Response
- Risk Assessment
Skills & topics
- Information Security Analyst
- Vulnerability Management
- Cybersecurity
- Ethical Hacking
- Data Protection
- Qualys
- Nessus
- Network Security
- Cloud Security
- Incident Response
- Risk Management
- Compliance
- ISO 27001
- NIST
- PCI-DSS
- CISSP
- CEH
- CompTIA Security+
- Windows
- Linux
- Azure
- AWS
How to get hired
- Tailor your resume: Highlight your experience with vulnerability management tools like Qualys and Nessus, and quantify your achievements in vulnerability lifecycle management and risk assessment.
- Showcase technical skills: Emphasize your proficiency in operating systems, networking, cloud environments (Azure, AWS), and interpreting CVSS scores.
- Demonstrate collaboration: Provide examples of your ability to communicate complex technical information clearly to diverse stakeholders and work effectively across time zones.
- Prepare for technical questions: Be ready to discuss your experience with vulnerability scanning, remediation strategies, and your understanding of security frameworks like NIST and ISO 27001.
- Highlight certifications: If you hold relevant certifications such as CISSP, CEH, or CompTIA Security+, ensure they are prominently featured on your application.
Technical preparation
- Master vulnerability scanning tools (Qualys, Nessus).
- Understand the vulnerability lifecycle and CVSS scoring.
- Familiarize yourself with Windows, Linux, Azure, and AWS.
- Study compliance frameworks (NIST, ISO 27001).
Behavioral questions
- Describe a complex vulnerability you identified.
- How do you prioritize remediation efforts?
- How do you communicate technical risks to non-technical staff?
- How do you collaborate across different time zones?
Frequently asked questions
- What are the primary responsibilities for an IS Analyst- Vulnerability Management at Milliman?
- The primary responsibilities include conducting vulnerability assessments, analyzing scan results, prioritizing vulnerabilities, coordinating remediation efforts, maintaining the vulnerability management lifecycle, monitoring threat intelligence, and developing security policies at Milliman. You will also participate in the Cyber Security Incident Response Team (CSIRT).
- What technical skills are essential for the IS Analyst- Vulnerability Management role at Milliman?
- Essential technical skills include proficiency with vulnerability management tools like Qualys VMDR and Nessus Professional, understanding of the vulnerability management lifecycle, knowledge of CVSS scoring, strong grasp of operating systems (Windows, Linux), networking, and cloud environments (Azure, AWS).
- What kind of experience does Milliman require for this Information Security Analyst position?
- Milliman requires a Bachelor’s degree in Computer Science, Information Security, or a related field, and at least 5 years of experience in vulnerability management or a related cybersecurity role. Familiarity with regulatory and compliance frameworks is also expected.
- How does Milliman handle collaboration across different time zones for this role?
- Milliman emphasizes strong collaboration skills, including the ability to work effectively with geographically diverse offices and a willingness to work offset hours occasionally to accommodate different time zones. This is a key attribute for this global role.
- Are there any preferred certifications for the IS Analyst- Vulnerability Management role at Milliman?
- Yes, Milliman prefers candidates with one or more relevant certifications such as CISSP, CEH, CompTIA Security+, or Qualys VMDR. These certifications demonstrate a commitment to professional development in information security.
- What is the career path for an IS Analyst- Vulnerability Management at Milliman?
- While specific paths vary, this role provides a strong foundation in cybersecurity. Career progression could lead to senior analyst roles, security management positions, or specialization in areas like ethical hacking or incident response within Milliman's GCS IS team.
- How does Milliman's IS Analyst- Vulnerability Management contribute to the company's overall security posture?
- This role is critical in proactively identifying and mitigating security risks by managing vulnerabilities. By ensuring systems are secure and compliant, the IS Analyst- Vulnerability Management directly contributes to protecting Milliman's data and maintaining client trust.