Orange Cyberdefense is a leading cyber security services and solutions provider, and we are currently looking for a Vulnerability Management Analyst to join the Vulnerability Operations Centre in Pretoria.

You will configure and maintain vulnerability assessment tools, as well as performing scans, analyze vulnerabilities, identify relevant threats, summarize and report results. We are scanning for example IT infrastructure and webapps. There will also be tasks where you need to help customers in understanding and prioritizing vulnerabilities, as well as in identifying and resolving any false positive findings in assessment results. You will be an important resource in our professional service delivery and an integrated part of our team.

Job purpose

Lead the delivery and evolution of Vulnerability and Exposure Management services across cloud and on-prem environments. Design and operate scanning architectures, validate and analyze findings, and advise customers on prioritization and remediation. Own the planning and delivery of PCI ASV compliance scans and quarterly reporting. Drive EASM discovery and CTEM practices to reduce risk. Provide leadership across engagements, mentor team members, and continuously improve methods, tooling, and outcomes.

About the team:

The team work with configuring and maintain vulnerability assessment tools, as well as performing scans, research and analyze vulnerabilities, identify relevant threats, summarize and report results. We also help our customers understanding and prioritizing vulnerabilities, as well as in identifying and resolving any false positive findings in assessment results. The team is an important resource in our professional service delivery. Knowledge sharing, and collaboration is done continuously between team members to improve our way of working and further develop individual competence levels.

Key responsibilities (summary)

• Lead customer engagements end-to-end (discovery, design, delivery, QA, reporting).
• Design, configure, and operate authenticated/unauthenticated scans across cloud and on-prem.
• Validate findings, remove false positives, and produce clear technical and executive reports.
• Perform targeted manual validation and light testing to confirm exploitability where needed.
•  Deliver PCI ASV scans and quarterly reports; coordinate remediation and retesting with clients.
• Evolve exposure management: asset discovery (EASM), prioritization (CVSS/EPSS/KEV), and CTEM cycles.
• Run workshops and briefings; translate technical issues into business-focused recommendations.
• Automate routine tasks and integrate data with ITSM/CMDB and security platforms via APIs.
• Contribute to playbooks, runbooks, and service improvements; support pre-sales when required.

• Represent the company at client sessions and occasional industry events.

Supervisory requirements

• No direct reports; provides engagement leadership, QA/review, and mentoring to analysts.

Minimum requirements

• 3–5 years in information security, including 2+ years in vulnerability management/exposure management.
• Hands-on experience with at least one major scanning platform (Qualys, Tenable/Nessus, or Rapid7).
• Strong analysis and reporting skills; able to explain findings to both technical and business audiences.
• Working knowledge of CVSS, basic networking/OS concepts, and secure configuration/patch processes.
• Exposure to cloud environments (e.g., AWS/Azure/GCP) or willingness to upskill quickly.
• Familiarity with PCI processes; experience with PCI ASV delivery preferred, or willingness to obtain.

Nice to have

•  Experience with EASM tooling, CTEM practices, or container/Kubernetes security.
• Basic scripting/automation (e.g., Python or PowerShell) and API integrations.
• Certifications such as OSCP/GPEN/CEH, CISSP/CCSP, or cloud security credentials.
• Experience supporting proposals, scoping, or pre-sales workshops.

Personal attributes

• Analytical, detail-oriented, and organized; able to prioritize effectively.
• Clear communicator with strong presentation and stakeholder management skills.
• Proactive, collaborative, and curious; “hacker mindset” for creative problem-solving.
• Integrity, persistence, and calm under pressure; strong active listening.

Work model

• South Africa-based, hybrid work model.
• Occasional travel to customer sites and events.
• Flexibility for change/maintenance windows and varied customer time zones when required.