Senior Vulnerability Management Analyst

About RedHerd

RedHerd is a specialist cybersecurity recruitment firm connecting elite security professionals with leading organisations across the globe. We partner with clients who value technical depth, curiosity, and impact, helping them build high-performing teams that defend, innovate, and shape the future of cybersecurity.

About the Client

Our client is a global cybersecurity consultancy and managed security services provider operating across multiple continents. They deliver advanced threat management, vulnerability operations, and exposure management capabilities for some of the world's most recognised enterprises. The South African division plays a central role in global service delivery, offering a collaborative environment focused on innovation, skill growth, and excellence in security operations.

Role Overview

As a Senior Vulnerability & Exposure Management Analyst, you'll lead the delivery and continuous improvement of vulnerability and exposure management services across both cloud and on-premises environments. You'll design and maintain scanning architectures, validate and analyse findings, and provide actionable advice on prioritisation and remediation.

This position is ideal for a technically strong security professional who enjoys both hands-on analysis and guiding others. You'll work closely with global teams, contribute to compliance initiatives, and help shape the evolution of exposure management practices.

Key Responsibilities

• Lead customer engagements from discovery through delivery, ensuring high-quality outcomes and reporting.

• Design, configure, and operate authenticated and unauthenticated vulnerability scans across hybrid infrastructures.

• Validate results, remove false positives, and deliver clear technical and executive-level reporting.

• Perform targeted manual validation and limited exploit testing where required.

• Deliver compliance scanning and quarterly reporting; coordinate remediation and retesting cycles.

• Advance exposure management capabilities, including asset discovery, prioritisation, and continuous threat exposure management (CTEM).

• Conduct technical workshops and stakeholder briefings, translating findings into business-aligned recommendations.

• Automate recurring tasks and integrate data with ITSM, CMDB, and other security platforms via APIs.

• Contribute to playbooks, runbooks, and overall service maturity.

• Provide pre-sales or scoping support and represent the organisation at client sessions or industry events.

Supervisory Scope

• No direct reports, but provides leadership, mentorship, and quality assurance to analysts.

Minimum Requirements

• 3–5 years in information security, with at least 2 years in vulnerability or exposure management.

• Proficiency with one or more major scanning platforms (e.g., Qualys, Tenable/Nessus, Rapid7).

• Strong analytical and reporting skills; able to communicate effectively across technical and business audiences.

• Solid understanding of CVSS, networking, OS fundamentals, and patch/configuration management.

• Experience or exposure to cloud environments (AWS, Azure, or GCP).

• Familiarity with compliance or regulatory processes (e.g., PCI or similar frameworks).

Preferred Skills

• Experience with EASM tooling, CTEM practices, or container/Kubernetes security.

• Scripting or automation experience (Python, PowerShell) and API integration.

• Certifications such as OSCP, GPEN, CEH, CISSP, CCSP, or cloud security credentials.

• Experience supporting proposals, workshops, or pre-sales engagements.

Personal Attributes

• Analytical, organised, and detail-oriented with strong prioritisation skills.

• Excellent communicator and presenter with stakeholder engagement experience.

• Proactive, curious, and collaborative — demonstrates a "hacker mindset."

• Integrity, composure, and persistence under pressure.

Work Model

• South Africa-based hybrid position.

• Occasional travel to client sites and industry events.

• Flexibility for change windows and global time zones as required.

---