Threat and Vulnerability Management Analyst - 00758

Our utilities client is seeking a Threat and Vulnerability Management Analyst - 00758

Initially a 12-months contract. Hybrid in Downtown Vancouver. 37.5 hours/week.

Must Have:

• 5 years of experience in cybersecurity, with a focus on treat and vulnerability analysis

• Solid understanding of cybersecurity frameworks e.g., NIST, CIS Controls ISO/IEC 27001

• Experience with at least 2 the following technologies:

• Tenable One, SC, and IO

• Microsoft Defender Endpoint and Vulnerability Management

• Microsoft Security Exposure Management

• Microsoft Defender for Cloud and Container Security

• ServiceNow Security Incident Response (IR) and Vulnerability Response (VR)

• Familiarity with the full spectrum of threat intelligence-tactical, operational, and strategic-and how each supports different layers of defense and decision-making.

• Experience with vulnerability assessment, scanning, and management tools and processes.

• Experience using a threat intelligence platform to manage, enrich, and operationalize threat data

Duties

· Conduct risk analysis to assess likelihood, impact, and severity of threats and vulnerabilities.

· Develop and communicate remediation and mitigation advisories for key stakeholders.

· Support investigations into exposure and risk across IT and OT environments.

· Analyze threat intelligence reports and monitor security advisories to identify and respond to emerging threats, including zero-day vulnerabilities and vendor advisories.

· Collaborate with the SOC team to advance threat hunting practices and incident management.

· Generate regular reports on endpoint security status, vulnerabilities, and compliance with standards.

· Track and report vulnerability metrics to support risk awareness and decision-making across the organization.

· Develop and maintain documentation to support threat and vulnerability standards, policies, and procedures.

· Design and implement workflows and processes for vulnerability response, remediation, and mitigation, ensuring cross-functional team responsibilities are clearly defined.

· Compose reports on trending threat campaigns, including objectives, techniques, and mitigation strategies.

· Summarize security advisories and threat actor tactics, techniques, and procedures (TTPs) targeting critical infrastructure.

· Communicate risk responses and vulnerability information to affected stakeholders and business units.

· Work with risk owners to address vulnerabilities and support exposure and risk investigations.

· Develop and document Use Cases and Playbooks for threat and vulnerability monitoring and response.

· Workflow development and creation of process driven vulnerability response requirements

· Analyze threat trends and provide actionable insights to improve security posture. Identify gaps, and recommend enhancements, in existing vulnerability and TI processes to approve efficiency and effectivenes