Job Description:

Vulnerability Management & Control Efficacy Analyst
The Role
Quantify security effectiveness by moving from qualitative assessments to data-driven risk modeling. You will bridge the gap between technical vulnerability data and financial risk, ensuring that control failures and security gaps are measured, prioritized, and remediated based on their actual business impact.
Key Responsibilities
⦁    Quantitative Risk Modeling: Run Monte Carlo simulations to calculate Annual Loss Expectancy (ALE) and use Bayesian inference to update risk probabilities based on internal vulnerability telemetry and external evidence.
⦁    Vulnerability Life Cycle & Analysis: Collate and track vulnerabilities in a centralized platform, mapping them directly to the corporate security risk register across all divisions.
⦁    Perform multi-dimensional analysis to determine prioritization scores, determining which vulnerabilities require immediate correction based on Threat Intelligence, vulnerability intelligence, and aggregated incident response data.
⦁    Streamline and optimize various vulnerability management processes to reduce &34;Mean Time to Remediate&34; (MTTR).
⦁    Governance & Escalation: Support the Security Governance Department with remediation follow-up; continuously monitor risk posture and escalate major risks that exceed the company&39;s risk appetite.
⦁    Control Efficacy: Use Linear Regression to correlate vulnerability metrics (e.g., patch latency) with business downtime and financial loss.
⦁    AI Automation: Apply AI Prompt Engineering to automate KRI/KPI generation using Python/SQL and to interpret complex statistical outputs for executive reporting.
Required Qualifications
⦁    Experience: 4&43; years in Cybersecurity, Vulnerability Management, or Quantitative Risk.
⦁    Statistics: Understanding of probability distributions (Lognormal, Poisson, Beta) and statistical significance (p-values, $R^2$).
⦁    Technical Skills: Proficiency in Python or R for data modeling and SQL for querying security telemetry.
⦁    Vulnerability Expertise: Deep understanding of the vulnerability management life cycle, prioritization frameworks (CVSS, EPSS), and technical control failure modes.
Preferred Qualifications
⦁    Frameworks: Proficiency with FAIR (Factor Analysis of Information Risk).
⦁    Cloud: Experience managing security controls in AWS, Azure, or GCP.
⦁    Certifications: CRISC, CISM, or CISSP.
Expected Attributes in a potential Candidate:
1.    Adaptive Flexibility: Pivots effectively in response to shifting priorities and organizational change.
2.    Intellectual Humility: Values external expertise and prioritizes the best solution over personal ego.
3.    Accountability: Takes full ownership of outcomes and focuses on remediation rather than excuses.
4.    Critical Thinking: Analyzes objective data to make informed, logical business decisions.
5.    Resiliency: Maintains consistent performance and a solution-oriented mindset under high pressure.
6.    Effective Communication: Distills complex ideas into clear, actionable information for all stakeholders.
7.    Collaborative Orientation: Prioritizes cross-functional goals and team success over individual recognition.
8.    Solution-Focused Initiative: Proactively identifies challenges and presents viable resolutions independently.
9.    Emotional Intelligence: Navigates interpersonal dynamics with self-awareness and professional tact.
10.    Continuous Improvement: Actively seeks feedback and upskilling opportunities to refine performance.
 

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Employment Type:

-------

Experience Level:

Job Family:

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom&64;airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.