Top Benefits
About the role
Summary The VMaaS Analyst is responsible for supporting the delivery and operation of Vulnerability Management as a Service. This includes identifying, analyzing, prioritizing, and reporting vulnerabilities across client environments or internal systems. The analyst ensures timely remediation and maintains compliance with relevant security frameworks. This role is critical in reducing risk exposure and enhancing the organization’s overall security posture.
Duties And Responsibilities
- Operate and maintain vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, etc.)
- Perform regular vulnerability assessments across on-premise and cloud environments.
- Analyze scan results to identify false positives and prioritize true findings based on risk.
- Develop and deliver vulnerability reports and dashboards tailored to technical and non-technical audiences.
- Collaborate with system owners, IT teams, and application developers to track remediation efforts and provide guidance on fixes.
- Monitor threat intelligence and CVE feeds to stay current on emerging vulnerabilities.
- Support the tuning of scanning tools to improve detection accuracy and performance.
- Ensure service-level agreements (SLAs) for vulnerability management are met.
- Maintain docum entation for processes, playbooks, and customer engagement models.
- Assist in audits and compliance efforts (e.g., PCI-DSS, ISO 27001, NIST CSF).
- Participate in incident response efforts related to newly disclosed or exploited vulnerabilities.
- Contribute to continuous improvement of the VMaaS offering.
Qualifications
- Bachelor's degree in Computer Science , Cybersecurity, Information Technology, or related field; or equivalent work experience.
- 2+ years of experience in vulnerability management or cybersecurity operations.
- Hands-on experience with one or more vulnerability management tools (e.g., Tenable.io, Qualys, Rapid7 InsightVM ).
- Solid understanding of network protocols, operating systems, and web applications.
- Familiarity with CVSS, NIST NVD, MITRE ATT&CK, and vulnerability scoring.
- Strong analytical, organizational, and problem-solving skills.
- Ability to interpret technical findings and communicate risks effectively.
- Bilingual: English and French in order to respond effectively to our customers and colleagues outside of QC.
Preferred
- Experience with cloud platforms (AWS, Azure, GCP) and their security services.
- Knowledge of patch management and secure configuration practices.
- Certifications such as CompTIA Security+, CEH, OSCP, or GIAC GSEC/GCIH.
- Familiarity with ticketing systems (e.g., ServiceNow, Jira) and SIEM tools (e.g., Splunk).
Why come to GoSecure? 3 weeks vacation, 5 personal days
14 paid statutory Holidays
Collective insurance: health, vision, dental, disability, life, travel
Employee Assistance Program (Dialogue)
RSP and employer matching contribution
Peers recognition program and other bonuses given along the year
Company stock options
GoSecurian perks
Young and dynamic team always looking to be better
and much more!
About GoSecure
GoSecure is a recognized cybersecurity leader, delivering innovative managed Extended Detection and Response (MXDR) solutions and expert advisory services. GoSecure Titan® managed security solutions deliver multi-vector protection to counter modern cyber threats through a complete suite of offerings that extend the capabilities of our customers’ in-house teams. GoSecure Titan Managed Extended Detection and Response (MXDR) offers a best-in-class mean-time-to-respond, with comprehensive coverage across customers’ networks, endpoints, and inboxes. For over 10 years, GoSecure has been helping customers better understand their security gaps, improve organizational risk, and enhance security posture through advisory services provided by one of the most trusted and skilled teams in the industry. To learn more, visit http://www.gosecure.net
Top Benefits
About the role
Summary The VMaaS Analyst is responsible for supporting the delivery and operation of Vulnerability Management as a Service. This includes identifying, analyzing, prioritizing, and reporting vulnerabilities across client environments or internal systems. The analyst ensures timely remediation and maintains compliance with relevant security frameworks. This role is critical in reducing risk exposure and enhancing the organization’s overall security posture.
Duties And Responsibilities
- Operate and maintain vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, etc.)
- Perform regular vulnerability assessments across on-premise and cloud environments.
- Analyze scan results to identify false positives and prioritize true findings based on risk.
- Develop and deliver vulnerability reports and dashboards tailored to technical and non-technical audiences.
- Collaborate with system owners, IT teams, and application developers to track remediation efforts and provide guidance on fixes.
- Monitor threat intelligence and CVE feeds to stay current on emerging vulnerabilities.
- Support the tuning of scanning tools to improve detection accuracy and performance.
- Ensure service-level agreements (SLAs) for vulnerability management are met.
- Maintain docum entation for processes, playbooks, and customer engagement models.
- Assist in audits and compliance efforts (e.g., PCI-DSS, ISO 27001, NIST CSF).
- Participate in incident response efforts related to newly disclosed or exploited vulnerabilities.
- Contribute to continuous improvement of the VMaaS offering.
Qualifications
- Bachelor's degree in Computer Science , Cybersecurity, Information Technology, or related field; or equivalent work experience.
- 2+ years of experience in vulnerability management or cybersecurity operations.
- Hands-on experience with one or more vulnerability management tools (e.g., Tenable.io, Qualys, Rapid7 InsightVM ).
- Solid understanding of network protocols, operating systems, and web applications.
- Familiarity with CVSS, NIST NVD, MITRE ATT&CK, and vulnerability scoring.
- Strong analytical, organizational, and problem-solving skills.
- Ability to interpret technical findings and communicate risks effectively.
- Bilingual: English and French in order to respond effectively to our customers and colleagues outside of QC.
Preferred
- Experience with cloud platforms (AWS, Azure, GCP) and their security services.
- Knowledge of patch management and secure configuration practices.
- Certifications such as CompTIA Security+, CEH, OSCP, or GIAC GSEC/GCIH.
- Familiarity with ticketing systems (e.g., ServiceNow, Jira) and SIEM tools (e.g., Splunk).
Why come to GoSecure? 3 weeks vacation, 5 personal days
14 paid statutory Holidays
Collective insurance: health, vision, dental, disability, life, travel
Employee Assistance Program (Dialogue)
RSP and employer matching contribution
Peers recognition program and other bonuses given along the year
Company stock options
GoSecurian perks
Young and dynamic team always looking to be better
and much more!
About GoSecure
GoSecure is a recognized cybersecurity leader, delivering innovative managed Extended Detection and Response (MXDR) solutions and expert advisory services. GoSecure Titan® managed security solutions deliver multi-vector protection to counter modern cyber threats through a complete suite of offerings that extend the capabilities of our customers’ in-house teams. GoSecure Titan Managed Extended Detection and Response (MXDR) offers a best-in-class mean-time-to-respond, with comprehensive coverage across customers’ networks, endpoints, and inboxes. For over 10 years, GoSecure has been helping customers better understand their security gaps, improve organizational risk, and enhance security posture through advisory services provided by one of the most trusted and skilled teams in the industry. To learn more, visit http://www.gosecure.net