HCLTech
Vulnerability Analyst
HCLTech, Romania, 1 day ago
Contract, Consulting

We are HCLTech, one of the fastest-growing large tech companies in the world and home to 225,000+ people across 60 countries, supercharging progress through industry-leading capabilities centered around Digital, Engineering and Cloud. The driving force behind that work, our people, are diverse, creative, and passionate, raising the bar for excellence on a regular basis. We, in turn, work hard to bring out the best in them as we strive to help them find their spark and become the best version of themselves that they can be.



The Senior Vulnerability Analyst is responsible for leading exploitability-driven vulnerability assessments across complex enterprise environments within our customer’s ecosystem. The role focuses on real-world risk, business impact, and operational decision-making, supporting remediation prioritization, detection strategy, and senior stakeholder risk communication.


Required Skills & Experience

  • 7+ years of experience in vulnerability management, penetration testing, application security, cloud security, or enterprise security engineering.
  • Strong mastery of exploitation fundamentals and attacker tradecraft (RCE, authentication bypass, SSRF, deserialization, traversal, privilege escalation).
  • Deep experience in application security, including OWASP Top 10, API security, authentication/session weaknesses, and dependency reachability assessment.
  • Proven expertise in cloud security (AWS, Azure, or GCP), including IAM, network controls, logging, managed services, and shared responsibility models.
  • Solid understanding of container and Kubernetes security (image/package vulnerabilities, runtime vs. build-time risk, RBAC, network policies).
  • Advanced knowledge of infrastructure and network security, including protocols (HTTP/S, SSH, RDP, DNS, TLS), segmentation, and lateral movement paths.
  • Hands-on experience with vulnerability scanners (e.g., Qualys) and manual validation techniques.
  • Strong scripting and automation skills (PowerShell, Python, Bash) to streamline validation, evidence collection, and reporting.
  • High awareness of threat actor activity, exploit maturity, vendor advisories, and supply-chain risk (SBOM-based analysis).


Key Responsibilities

  • Lead exploitability-driven vulnerability assessments within the customer environment, evaluating realistic attack paths, prerequisites, reachable attack surfaces, authentication requirements, user interaction, and existing mitigations.
  • Contextualize and prioritize vulnerabilities based on asset criticality, exposure, business impact, and compensating controls (EDR, WAF, network segmentation, monitoring).
  • Independently validate and confirm findings using safe techniques such as configuration reviews, version verification, targeted scans, and log analysis, producing high-quality, auditable evidence.
  • Drive mitigation-oriented outcomes, defining practical remediation options (patching, upgrades, workarounds, configuration hardening, or detection) with clear ownership and timelines.
  • Design detection and monitoring guidance when remediation is not immediately feasible, including IOCs, behavioral analytics, MITRE ATT&CK mapping, and threat-hunting recommendations.
  • Apply and influence Emergency / Priority / Notify workflows, making sound risk decisions under time pressure and clearly articulating rationale to customer and internal stakeholders.
  • Act as a subject-matter expert, collaborating with application, cloud, container, infrastructure, and security teams supporting the customer.
  • Maintain accurate documentation and tracking within vulnerability management platforms.
  • Incorporate threat intelligence, exploit maturity, and active campaigns into prioritization and response decisions for the customer environment.



HCLTech is committed to protecting and securing the privacy and confidentiality of the Personal Data which it collects directly or indirectly from you when applying for a job at HCLTech either directly or through a third-party human resources agency. This notice (the “Notice”) outlines and explains how HCL Technologies Limited including its subsidiaries, local employing entities, associates, and affiliated companies [collectively referred to as “HCLTech”, “us,” “our”, or “we”] will process your Personal Data in accordance with applicable privacy legislation(s).

https://www.hcltech.com/candidate-privacy-notice
