Threat and Vulnerability Management Analyst

Raise • Full-time • Vancouver, British Columbia, Canada • C$ 74 / hour • 3d ago

Threat and Vulnerability Management Analyst

Pay Rate: $74.55/hour, depending on experience
Contract Length: 1 Year
Location: Vancouver, British Columbia

Raise is currently hiring a Threat and Vulnerability Management Analyst on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client, is one of the largest electrical energy suppliers in Canada.

Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.

Responsibilities

Conduct risk analysis to assess likelihood, impact, and severity of threats and vulnerabilities.
Develop and communicate remediation and mitigation advisories for key stakeholders.
Support investigations into exposure and risk across IT and OT environments.
Analyze threat intelligence reports and monitor security advisories to identify and respond to emerging threats, including zero-day vulnerabilities and vendor advisories.
Collaborate with the SOC team to advance threat hunting practices and incident management.
Generate regular reports on endpoint security status, vulnerabilities, and compliance with standards.
Track and report vulnerability metrics to support risk awareness and decision-making across the organization.
Develop and maintain documentation to support threat and vulnerability standards, policies, and procedures.
Design and implement workflows and processes for vulnerability response, remediation, and mitigation, ensuring cross-functional team responsibilities are clearly defined.
Compose reports on trending threat campaigns, including objectives, techniques, and mitigation strategies.
Summarize security advisories and threat actor tactics, techniques, and procedures (TTPs) targeting critical infrastructure.
Communicate risk responses and vulnerability information to affected stakeholders and business units.
Work with risk owners to address vulnerabilities and support exposure and risk investigations.
Develop and document Use Cases and Playbooks for threat and vulnerability monitoring and response.
Workflow development and creation of process driven vulnerability response requirements
Analyze threat trends and provide actionable insights to improve security posture. Identify gaps, and recommend enhancements, in existing vulnerability and TI processes to approve efficiency and effectiveness.

Qualifications

5 years of experience in cybersecurity, with a focus on treat and vulnerability analysis
Strong written and verbal communication skills, with the ability to clearly convey complex information to both technical and non-technical audiences.
Solid understanding of cybersecurity frameworks e.g., NIST, CIS Controls ISO/IEC 27001
Familiarity with the full spectrum of threat intelligence—tactical, operational, and strategic—and how each supports different layers of defense and decision-making.
Experience with vulnerability assessment, scanning, and management tools and processes.
Experience using a threat intelligence platform to manage, enrich, and operationalize threat data
Proven ability to collaborate effectively across IT, security, and business unit teams in a cross-functional environment.
Strong problem-solving and critical thinking skills, with a proactive and analytical mindset.
Knowledge and experience with
- Tenable One, SC, and IO
- Microsoft Defender Endpoint and Vulnerability Management
- Microsoft Security Exposure Management
- Microsoft Defender for Cloud and Container Security
- ServiceNow Security Incident Response (IR) and Vulnerability Response (VR)
- Microsoft SharePoint Platform Expertise is an asset
Preferred Education & Certifications:
Bachelor's degree in Cybersecurity, Information Technology, or a related field.
Certificated in at least one of the following areas, is considered an asset:
- Certified Information Systems Security Professional (CISSP)
- Certified Threat Intelligence Analyst (CTIA)
- Certified Ethical Hacker (CEH)
- GIAC Cyber Threat Intelligence (GCTI)
- CompTIA Cybersecurity Analyst (CySA+)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Penetration Tester (GPEN)

Additional Information

Every contractor must supply their own Windows 11 Laptop computer for the duration of the assignment.

Every contractor must supply their own “Smart Phone”. This is needed to gain access to the Organizations network.

Looking for meaningful work? We can help!

Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.

We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.

We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/

In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com.