Information Security Vulnerability Analyst
Job description
JSC Bank of Georgia is a leading Commercial Bank. We are committed to delivering secure and reliable financial services/products to our customers. As part of our ongoing commitment to cyber security, we are seeking an Information Security Vulnerability Analyst to join our growing team. As an Information Security Vulnerability Analyst , you will play a crucial role in ensuring the security of the Bank’s infrastructure. You will work closely with the development and IT teams to identify, assess, and remediate server’s/application’s vulnerabilities. This is an excellent opportunity for a passionate individual who wants to kick-start their career in cyber security field and develop their expertise in a dynamic environment. Information Security Vulnerability Analyst Conduct comprehensive security assessments including vulnerability scans, security architecture reviews on networks, systems, and applications. Analyze and interpret vulnerability scan results, identifying, prioritizing, and tracking critical vulnerabilities through remediation. Research and stay current with emerging vulnerabilities, attack techniques, and application security trends to proactively identify risks. Collaborate with cross-functional teams to provide security guidance, best practices, and ensure timely vulnerability remediation. Implement, maintain, and optimize vulnerability scanning and application security tools, automation scripts, and supplementary utilities. Contribute to reporting mechanisms to track security posture and remediation progress. Required Key Qualifications: Understand IT infrastructure architecture and systems (networks, OS, cloud, databases, applications) to effectively identify and prioritize security vulnerabilities. Understanding of vulnerability types and exploitation techniques Experience with vulnerability management and security testing tools (e.g., Nessus, OpenVAS, and related tools) Identify and assess Active Directory (AD) misconfigurations and vulnerabilities including weak password policies, excessive permissions, privilege escalation risks, and Kerberos weaknesses. Strong understanding of CVSS scoring system and vulnerability prioritization Familiarity with multiple operating systems (Windows, Linux, macOS) and their security configurations Hands-on experience with scripting languages (Python, Bash, PowerShell) Strong analytical, problem-solving, communication, and collaboration skills Preferred Knowledge of cloud security (AWS, Azure, GCP) and Kubernetes/container security Familiar with DevSecOps, security automation, and CI/CD pipeline security Knowledge of offensive security practices and penetration testing methodologies (e:g. Verify DAST findings to filter out false positives) Knowledge of Infrastructure as Code (IaC) security Understanding software development lifecycle (SDLC) Relevant certifications (e.g: CEH, CySA+, Security+, eJPT, or similar) Join our team and be part of an exciting journey to ensure the security of our applications and protect our customers' data. Apply now and contribute to making a positive impact on our organization's security posture. The deadline is July 20.