ZIMRA

Vulnerability Management Specialist – ICT – Level 8 (2 Posts)

ICT & Computer Jobs
Salary
TBA

Job Description

Applications are invited from suitably qualified persons to fill the following posts within the Zimbabwe Revenue Authority (ZIMRA) – an equal opportunity employer.

Duties and Responsibilities

Key Responsibilities
▪ Conduct vulnerability scans across ICT assets; validate patch levels; monitor remediation effectiveness; escalate unresolved vulnerabilities.
▪ Classify, prioritise and resolve vulnerability alerts; document known weaknesses; conduct trend analysis to identify recurring issues.
▪ Maintain vulnerability management documentation, evidence trails and compliance artefacts in line with ICT Policy and regulatory standards.
▪ Identify systemic vulnerabilities; escalate unresolved threats to the Identity and Access Manager; recommend mitigation measures for enterprise risk registers.
▪ Document lessons learned from vulnerability remediation; update procedures; contribute to governance knowledge base.
▪ Maintain inventories of ICT assets; validate firmware versions and patch schedules.
▪ Apply vulnerability management standards; follow escalation protocols; embed continuous improvement practices into remediation cycles.
▪ Contribute to security awareness and training for remediation owners to improve patching and secure-config processes.
▪ Any other duties as may be assigned by the Information Security Assets Manager.

Qualifications and Experience

Job Skills and Competencies
▪ Exposure to vulnerability scanning tools, patch validation, remediation actions and risk escalation.
▪ Experience working in multi-disciplinary teams (IT, Risk, Audit, Compliance) to ensure coordinated governance and response.

Enables effective specialist-level decision-making without reference to a superior, within approved vulnerability management standards and escalation thresholds.
▪ Proficiency in vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7 InsightVM).
▪ Strong knowledge of patch management and remediation processes.
▪ Familiarity with secure configuration baselines across operating systems, databases and applications.
▪ Competence in maintaining ICT asset inventories and validating patch schedules.
▪ Understanding of penetration testing methodologies and exploit validation.
Qualifications and Experience
▪ Bachelor’s Degree in ICT, Computer Science, Information Systems, Cybersecurity, or equivalent discipline.
▪ Professional certification in vulnerability management or cybersecurity (minimum one recognised certification): GIAC Vulnerability Assessment (GVA), Offensive Security Certified Professional (OSCP), ISO/IEC 27001 Lead Implementer or Auditor, vendor-specific certifications (Nessus, Qualys, Rapid7 InsightVM) or similar certifications.
▪ At least 3 years of experience in vulnerability management, penetration testing, or cybersecurity operations.