Vulnerability & Patch Management Analyst
Indexed description
ABOUT THE JOB
Join our Information Security team to standardize patch governance, improve risk reduction, and enhance operational resilience. This hands-on role is ideal for a junior manager with strong technical skills and a passion for operational security.
Your Missions
- Track vendor advisories (Microsoft, Red Hat, Apple, Adobe, Cisco, VMware, browser vendors)
- Analyze CVEs, CVSS/EPSS scores, exploit maturity, KEV catalog entries, and asset exposure
- Recommend prioritization for patching based on risk and business impact
- Review patch metadata, supersedence, prerequisites, and rollback strategy
- Coordinate patch validation in UAT/Pilot rings; verify functional and security outcomes
- Document test cases, exceptions, application compatibility notes, and sign-off criteria
- Ensure maintenance window discipline, change records, and communications are tracked
- Run and validate post-patching scans (Qualys, Tenable, Rapid7, Defender for Endpoint)
- Investigate residual vulnerabilities, misconfigurations, failed installs, and drifts
- Contribute to SOPs, standards, and ring & rollback methodologies
ABOUT YOU
- Bachelor’s Degree or equivalent practical experience
- 2–4 years of experience in Information Security, Endpoint Engineering, or Vulnerability Management
- Hands-on experience with patch management technologies: Windows: WSUS, SCCM/MECM, Intune, Defender for Endpoint; Linux: Red Hat Satellite, YUM/DNF/APT, Ansible; macOS: Jamf Pro, macOS update frameworks; Endpoint/Server Management: Ivanti, Tanium
- Experience with vulnerability scanning and assessment tools such as Qualys, Tenable, Rapid7, or Nessus
- Strong understanding of vulnerability management concepts including CVEs, CVSS, EPSS, KEV, exploit chains, and compensating controls
- Familiarity with ITIL/change management processes, maintenance windows, and rollback planning
- Strong documentation, reporting, and stakeholder communication skills, including proficiency in Excel and/or Power BI
- Good English communication skills
- Preferred Certifications: candidates with one or more of the following certifications will have an advantage: CompTIA Security+; Azure Security Engineer; RHCSA; ITIL Foundation; Associate CISSP
WHY AMARIS?
- Competitive salary and 13th-month salary
- 14+ annual leaves per year
- Premium healthcare insurance, starting from your probation period
- Project reviews and yearly performance appraisals
- Annual company trips
- Teambuilding activities: Team lunch/dinner, events, and celebrations, sports clubs (football, yoga, badminton, etc.)
- International team with flexible working time
- Tailor-made career path
- Technical workshops and training courses
- Mobility: Opportunities to be on-site abroad in our offices in over 60+ countries
Amaris Consulting is proud to be an equal-opportunity workplace. We are committed to promoting diversity within the workforce and creating an inclusive working environment. For this purpose, we welcome applications from all qualified candidates regardless of gender, sexual orientation, race, ethnicity, beliefs, age, marital status, disability, or other characteristics.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search