Vulnerability Management Analyst

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life - such as energy, infrastructure, chemicals and minerals - safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you Find out more at

AVEVA Careers


For more information about our privacy policy and how to manage cookies, visit our

Privacy Policy


Job name: Vulnerability Management Analyst

Organization/department: CISO (Security)

Reports to: Head of Vulnerability Management

Job Overview:
The AVEVA Security team are seeking a skilled individual to join a high performing global vulnerability management team.

The Vulnerability Management Analyst is responsible for proactively identifying and managing the remediation of vulnerabilities affecting AVEVA’s infrastructure and services. This role requires a broad technical understanding and to be responsible for vulnerability detection, assessment and driving vulnerability remediation across the organisation.

Roles and Responsibilities:
- Conduct vulnerability assessments to identify known vulnerabilities and configuration weaknesses and assess the effectiveness of existing controls and recommends remedial action.- Maintain current knowledge and understanding of the threat landscape and emerging security threats and vulnerabilities.- Analyze risks associated with vulnerabilities, provide detailed reporting, and recommend actionable remediation strategies- Support compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks.- Serve as an escalation point on issues, dependencies, and risks related to vulnerability scanning and security testing.- Collaborate with multiple stakeholders to prioritize vulnerabilities based on severity, impact, and exploitability.- Support the development of AVEVA’s Vulnerability management policy, process, and procedures.- Managing the end-to-end vulnerability lifecycle from discovery to closure ensuring the relevant resolver team put in place a plan and timely remediation working with both managed service providers and internal IT and Information Security staff.- Utilising information from external vulnerability reporting tools such as Bitsight, RiskRecon, Security Scorecard and vendor vulnerability briefings determine the priority of remediations needed across the AVEVA estate.- Manage security assessment processes, including performing, tracking remediation, validating controls, measuring residual risk, and writing reports.- Coordinate and oversee remediation efforts to ensure timely and effective resolution of security vulnerabilities.

Qualifications/ Experience:
Educational Qualifications and Experience- Minimum of 5 years information and cyber security experience, and experience in IT Vulnerability Management.- Experience using vulnerability scanning tools such as Qualys, Tenable, Rapid7 and vulnerability management platforms (RiskVision, Kenna Security).- Experience managing vulnerability management findings/services for cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud Platform).- Strong understanding of vulnerability management practices and methodologies. Knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).-
- Working knowledge of one or more of the following - cloud technologies, internet security, networking protocols or experience with software development.- Strong analytical skills and ability to identify advanced vulnerability threats.- Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.- Knowledge of and experience in developing and documenting security processes and plans.- Knowledge and experience with implementing common information security management frameworks, such as International Organization for Standardization (ISO) 2700x series, AICPA SOC2 (Service Organization Control), ITIL, COBIT and National Institute of Standards and Technology (NIST) or Centre for Internet Security (CIS) frameworks would be advantageous.

Technical Competency- Having knowledge and experience with as many of the following areas and tools is desired:
- Security certifications such as CEH, GPEN, Security+.-
- Understanding of firewall & networking devices (Cisco, Palo Alto, Checkpoint).-
- Understanding of desktop and server infrastructure (Microsoft, Linux, MacOS).-
- Vulnerability Management tools (Qualys, Tenable/Nessus, Rapid 7 Nexpose).-
- Security rating services such as BitSight, S