Managed Services - Cybersecurity Vulnerabilities Management - Senior Associate

Line of Service

Internal Firm Services

Industry/Sector

Not Applicable

Specialism

IFS - Internal Firm Services - Other

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in managed services focus on a variety of outsourced solutions and support clients across numerous functions. These individuals help organisations streamline their operations, reduce costs, and improve efficiency by managing key processes and functions on their behalf. They are skilled in project management, technology, and process optimization to deliver high-quality services to clients. As a managed service delivery generalist at PwC, you will execute outsourced processes, such as client and customer interaction; data review, enrichment and processing; implementing and monitoring quality controls; and resolving escalations and queries.

• Job Details

• Job Summary:

  What does this role aim to achieve in the firm/what impact does the role create

  This role is critical in ensuring our clients IT environments are secure by identifying, analyzing, and managing vulnerabilities across their systems and networks. The ideal candidate will have hands-on experience with industry-leading vulnerability management tools, a strong understanding of security frameworks, and expertise in applying methodologies to drive effective vulnerability remediation.

  Roles and Responsibilities:

  Daily tasks and delivery expectation

  • Vulnerability Assessments: Conduct regular vulnerability scans and assessments using tools such as Tenable, Qualys, and MS Defender Vulnerability Management, ensuring comprehensive coverage of client environments.

  • Analysis and Prioritization: Analyze scan results, prioritize vulnerabilities based on risk level, and collaborate with clients to establish remediation timelines.

  • Remediation Support: Work closely with client IT teams to guide and support vulnerability remediation efforts, leveraging methodologies such as the MITRE ATT&CK framework to contextualize threats and risk.

  • Reporting and Documentation: Prepare detailed vulnerability reports, including metrics, trends, and recommendations, tailored to client requirements and aligned with regional compliance standards.

  • Process Improvement: Continuously enhance vulnerability management processes and methodologies to improve efficiency, accuracy, and effectiveness.

  • Client Collaboration: Act as a trusted advisor to clients, ensuring alignment with their security objectives and maintaining strong communication throughout vulnerability management engagements.

  • Leverage automation tools and integrations to reduce manual efforts and enhance the effectiveness of GRC processes.

  Awareness Program Support (Secondary Focus):

  • Provide supplementary support for managed cybersecurity awareness programs using tools like KnowBe4, CoFense, and ProofPoint, when required.

  • Assist in integrating awareness components into broader GRC frameworks to enhance organizational security culture.

  Expected Skills:

  Specific learned abilities or technical skills

  • Hands-on experience with vulnerability management tools, particularly Tenable, Qualys, and MS Defender VM.

  • Knowledge of vulnerability assessment methodologies, patch management processes, and threat modeling.

  • Understanding of industry frameworks such as CVSS (Common Vulnerability Scoring System) and security standards like ISO 27001 and NIST.

  • Familiarity with industry frameworks and standards, including:

    • CVSS (Common Vulnerability Scoring System)

    • ISO 27001 and NIST Cybersecurity Framework (CSF)

    • CIS Controls for secure configurations and benchmarks

    • MITRE ATT&CK for threat context and analysis

    • OWASP standards for web application vulnerabilities

  • Basic scripting knowledge and skills (PowerShell, Python, etc.).

  • Strong analytical skills to interpret scan results and provide actionable insights.

  • Excellent communication and reporting skills, with the ability to explain technical findings to non-technical stakeholders.

  • Collaborative mindset to work effectively with client teams and internal stakeholders.

  • Proactive and detail-oriented, with a commitment to delivering high-quality work..

  Expected Competencies:

  Values, behaviors & attitude

  • Leadership

  • Strategic mindset

  • Stakeholder management

  • Ability to influence

  • Communicate with impact

  • Project management

  • Results driven

  • Drive organizational excellence

  Required Language Skills: Proficient in written and spoken English. Arabic is a plus

  Minimum Education and Specific Qualification:

  • Bachelors degree in Cybersecurity, Information Technology, or a related field.

  • Relevant certifications such as CompTIA Security+, CEH, or equivalent.

  • 3-4 years of experience in vulnerability management or a related cybersecurity role.

  Years of Experience: 3-4 years

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required: Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Business Process Outsourcing, Claims Performance Management, Communication, Complaint Management, Compliance Auditing, Compliance Review, Contract Review, Corrective Actions, Creativity, Customer Data Management (CDM), Customer Due Diligence, Customer Handling, Data Entry, Data Quality, Data Quality Assessment, Delivery Excellence, Embracing Change, Emotional Regulation, Empathy, Inclusion, Intellectual Curiosity {+ 20 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

No

Government Clearance Required?

No