Information Security Vulnerability Analyst and

**Job Purpose** The Information Security Vulnerability Analyst and Consultant is responsible for identifying, assessing, and mitigating security vulnerabilities within an organization's information systems and infrastructure. This role requires a strong understanding of security principles, risk management, and industry best practices. The analyst will work closely with internal teams and clients to provide recommendations and guidance to strengthen the overall security posture. **Business Unit - **Consulting **Location** Performanta South Africa (Midrand) - Hybrid Remote **Formal Qualifications** Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus. **Knowledge & Experience** 3 to 5 years working experience in information security. Strong knowledge of information security principles, concepts, and best practices. Familiarity with implementing and managing vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7) and basic penetration testing methodologies. Experience in conducting vulnerability assessments, basic penetration tests, and security risk analysis. Understanding of common system and network vulnerabilities and the ability to recommend effective mitigation strategies. Proficient in interpreting vulnerability scan results and generating comprehensive reports. Knowledge of industry standards and frameworks such as ISO 27001, NIST, or CIS Controls. Excellent analytical and problem-solving skills, with the ability to think strategically and identify potential risks. Strong communication and presentation skills to effectively convey complex security concepts to technical and non-technical audiences. Experience with incident response procedures and processes is desirable. R**eporting Structure** Reporting into the head of Consulting **Operating Level Requirements (Scope, Responsibilities, Skills and Attributes)** Vulnerability Assessments: Conduct regular vulnerability assessments of information systems and infrastructure using automated scanning tools and manual techniques. vulnerability scan results and identify potential security weaknesses and exposures. Research and stay updated on the latest vulnerabilities and emerging threats. Security Risk Analysis: Evaluate the impact and likelihood of identified vulnerabilities to determine the level of risk they pose. Provide risk analysis reports to management, highlighting potential security gaps and recommended remediation actions. Collaborate with stakeholders to develop risk mitigation strategies and prioritize remediation efforts. Vulnerability Management: Develop and maintain a vulnerability management program, including the tracking and monitoring of vulnerabilities and their remediation progress. Assist in the development and implementation of security policies, standards, and procedures. Collaborate with system administrators and IT teams to ensure timely remediation of identified vulnerabilities. Security Consulting: Provide expert advice and guidance to internal teams and clients on information security best practices and vulnerability management. Assist in the design and implementation of security controls, processes, and technologies to enhance the overall security posture. Conduct security awareness training and workshops for employees and stakeholders. Incident Response Support: Collaborate with incident response teams during security incidents to analyze vulnerabilities and identify potential entry points. Provide expertise in assessing and remediating vulnerabilities related to security incidents. Astute knowledge and understanding of the Performanta vision, strategy and customer/member value proposition. Is creative and innovative and always seeks opportunities for ongoing improvement of the relationship between the team and various stakeholders. Ability to manage multiple priorities effectively within a fast-paced environment. Excellent organizational skills and string attention to detail. Strong ability to communicate effectively with all stakeholders face-to-face or electronically. Is articulate and communicates in a logical way and structures information to meet the needs and understanding of intended audiences. Expresses opinions, information and key points of view clearly and assertively Is confident in conceptualizing, building and presenting plans related presentations Anticipates and responds appropriately to the needs, reactions and feedback of an audience. Good networker. Open, flowing communication is important Position requires working with and through others, especially in a helping role There is a need for a persuasive, "selling" (rather than "telling") communication style Strong knowledge of IT Security Standards and Best Practices. Good computer skills in Microsoft Word, and Excel is essential. Strong computer skills to manage and implement security toolsets Analytical skills Abi