GoSecure is recognized as a leader and innovator in cybersecurity solutions. The company is the first and only to integrate an Endpoint and Network threat detection platform, Managed Detection and Response services, and Cloud/SaaS delivery. Together, these capabilities provide the most effective response to the increased sophistication of continuously evolving malware and malicious insiders that target people, processes and systems. With focus on innovation quality, integrity, and respect, GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally. To learn more, please visit: https://www.gosecure.net.
GoSecure offers a creative and challenging work environment, a competitive benefit package, and a great atmosphere to foster career growth. Come put your career on the leading-edge and bring your talents to a much sought-after high growth opportunity in technology- GoSecure!
GoSecure is an Equal Opportunity Employer committed to hiring a diverse work team (EEO/AA).

SUMMARY

The VMaaS Analyst is responsible for supporting the delivery and operation of Vulnerability Management as a Service. This includes identifying, analyzing, prioritizing, and reporting vulnerabilities across client environments or internal systems. The analyst ensures timely remediation and maintains compliance with relevant security frameworks. This role is critical in reducing risk exposure and enhancing the organization’s overall security posture.

QUALIFICATIONS

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent work experience.
• 2+ years of experience in vulnerability management or cybersecurity operations.
• Hands-on experience with one or more vulnerability management tools (e.g., Tenable.io, Qualys, Rapid7 InsightVM).
• Solid understanding of network protocols, operating systems, and web applications.
• Familiarity with CVSS, NIST NVD, MITRE ATT&CK, and vulnerability scoring.
• Strong analytical, organizational, and problem-solving skills.
• Ability to interpret technical findings and communicate risks effectively.
• Bilingual: English and French in order to respond effectively to our customers and colleagues outside of QC.

Preferred:

• Experience with cloud platforms (AWS, Azure, GCP) and their security services.
• Knowledge of patch management and secure configuration practices.
• Certifications such as CompTIA Security+, CEH, OSCP, or GIAC GSEC/GCIH.
• Familiarity with ticketing systems (e.g., ServiceNow, Jira) and SIEM tools (e.g., Splunk).

• Operate and maintain vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, etc.)
• Perform regular vulnerability assessments across on-premise and cloud environments.
• Analyze scan results to identify false positives and prioritize true findings based on risk.
• Develop and deliver vulnerability reports and dashboards tailored to technical and non-technical audiences.
• Collaborate with system owners, IT teams, and application developers to track remediation efforts and provide guidance on fixes.
• Monitor threat intelligence and CVE feeds to stay current on emerging vulnerabilities.
• Support the tuning of scanning tools to improve detection accuracy and performance.
• Ensure service-level agreements (SLAs) for vulnerability management are met.
• Maintain documentation for processes, playbooks, and customer engagement models.
• Assist in audits and compliance efforts (e.g., PCI-DSS, ISO 27001, NIST CSF).
• Participate in incident response efforts related to newly disclosed or exploited vulnerabilities.
• Contribute to continuous improvement of the VMaaS offering.