Threat and Vulnerability Management Analyst


On Site
USD 72,900.00 - 117,300.00 per year
Full Time


Value engineering
Security controls
Vulnerability assessment
Risk management
Corrective and preventive action
Software security
Cyber security
Vulnerability management
Web applications
National Institute of Standards and Technology
Microsoft Windows
Cloud computing
Cloud security

Job Details

Since 1869 we've connected people through food they love. Our history was created by remarkable people, ideas, and innovations. It serves as inspiration and foundation for our future success.

We're proud to be stewards of amazing brands that people trust. Our portfolio includes the iconic Campbell's brand, as well as Michael Angelo's, noosa, Pace, Pacific Foods, Prego, Rao's Homemade, Swanson, and V8. In our Snacks division, we have brands like Cape Cod, Goldfish, Kettle Brand, Lance, Late July, Pepperidge Farm, Snack Factory, and Snyder's of Hanover.

We foster a culture of belonging where people come first, and diversity is embraced. And we live our values, always, while setting the highest standards for performance.

Here, you will make a difference every day. You will be part of a dynamic, collaborative, and competitive team. You will be supported to build a rewarding career with opportunities to grow, innovate and inspire. Make history with us.

General Summary:
The TVM Analyst is a key member of our Threat and Vulnerability Management team. This team is responsible for Threat & Vulnerability Management across the organization (including Application Security and Attack Surface Management), and helps to identify, prioritize, and remediate vulnerabilities across various business units.

The Vulnerability Management Analyst will be responsible for scoping, scheduling, scanning, and working with the teams to help remediate any vulnerabilities identified.

The role involves not just hands-on management of various program-related activities but also strategically maturing the program so that it adapts to the evolving cybersecurity landscape.

Primary Responsibilities:
Manage the lifecycle of vulnerabilities from discovery through triage, prioritization, advising, remediation, and validation.
Improve and automate the existing vulnerability management lifecycle.
Work with the technical and business teams to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
Maintain and administer vulnerability management platforms.
Perform recurring and on-demand scanning activities of both corporate and cloud environments utilizing various platforms.
Provide support and resolution for scanning and vulnerability remediation reporting issues.
Manage tickets to ensure requests, incidents, changes, and issues are remediated within proper timelines.
Follow Attack Surface Management processes to continuously monitor and improve visibility of the attack surface to detect anomalies faster and reduce the incidence or potential of cyber-attacks.
Generate comprehensive, actionable reports, including detailed findings and mitigation techniques.

Job Complexity:
Ability to assess newly identified vulnerabilities, determine exposure, investigate solutions, and recommend controls to minimize risks that could arise.
Ability to create effective reports and presentations tailored to different audiences to ensure transparency and understanding of the program.
Ability to troubleshoot credentialed access and vulnerability assessment issues with system administrators.
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
Ability to effectively communicate risk, including corrective action plans and recommendations, to non-technical audiences.
Ability to build operational processes using industry best practices that are tailored to Campbell's organization, system, and processes.
Ability to manage, organize, analyze, and present substantial amounts of data.

Job Specifications:
Education required: Bachelor's Degree preferred
Years of relevant experience: 5+ years of relevant experience

Core Knowledge, Skills, Abilities:
Knowledge of cyber threats and vulnerabilities.
Knowledge of system and application security risks, threats, and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems and web applications. Skill in conducting application vulnerability assessments.
Ability to sift through large data sets to prioritize impactful vulnerabilities and reduce the noise often associated with vulnerability tools.
Strong technical knowledge and the ability to present and explain technical information in a way that establishes rapport, persuades others, and gains understanding.
Experience with core vulnerability management scanners (e.g., Tenable, Rapid7, Qualys, etc.).
Experience with web application scanners (e.g., Tenable, Rapid7, Netsparker, Burp, etc.).
Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action.
Understanding of common web application frameworks and web-based APIs.
Understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
Stays up to date with current vulnerabilities and vulnerability-related news in various industries.
Experience working with Windows, Mac, Linux and/or other Unix-like variants.
Demonstrated strong knowledge of networks, desktops, servers, cloud and software as a service technology.
Knowledge of cloud platforms, dynamic cloud environments, and cloud security.

Bonus Points:
Experience with ServiceNow.
Ability to automate and script tasks using your preferred language (e.g., Python).
Ability to write scripts against common web APIs (REST, SOAP).

Working Conditions:
Normal corporate office environment.
Travel of up to 10-15% as required by project assignment need.
After hours and on-call work as needed.

Compensation and Benefits:

The target base salary range for this full-time, salaried position is between

Individual base pay depends on work location and additional factors such as experience, job-related skills, and relevant education or training. Total pay may include other forms of compensation. In addition, we offer competitive health, dental, 401k and wellness benefits beginning on the first day of employment. Please ask your Talent Acquisition Partner for more information about our total rewards package.

The Company is committed to providing equal opportunity for employees and qualified applicants in all aspects of the employment relationship, including consideration for employment, without regard to race, color, sex, sexual orientation, gender identity, national origin, citizenship, marital status, protected veteran status, disability, age, religion, or any other classification protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Campbell Soup Company