Data Scientist – Vulnerability Analytics & Risk Intelligence

Job Description:

Role Overview

We are seeking a Data Scientist to design and implement advanced analytics methodologies that enable measurement, trending, and insight generation across the firm’s vulnerability landscape.

This role will sit at the intersection of cybersecurity, data science, and risk management, developing scalable data models and analytics capabilities to transform large, complex vulnerability datasets into actionable intelligence and executive-ready reporting.

The ideal candidate will build foundational data structures and analytical techniques that support weekly operational reporting, monthly risk assessment snapshots, and long-term trend analysis, enabling leadership to clearly understand risk posture, remediation progress, and emerging exposure patterns.

Key Responsibilities

1. Data Modeling & Architecture

Design and implement scalable data models that integrate vulnerability data across multiple systems (e.g., cloud, infrastructure, application, endpoint).

Standardize and normalize disparate vulnerability data sources into a consistent, queryable structure, supporting aggregation and cross-domain analysis.

Partner with data engineering teams to ensure efficient ingestion, transformation, and storage pipelines.

2. Analytical Methodology Development

Develop quantitative methods to:

Measure vulnerability exposure and risk posture

Track remediation effectiveness over time

Identify drivers of exposure (e.g., asset type, product, CVE clustering, ownership)

Determine how to measure Mean Time to Patch

Build frameworks to distinguish:

One-time remediation issues vs. recurring systemic vulnerabilities

Stable vs. volatile vulnerability populations

3. Reporting & KPI Framework Development

Design and implement weekly reporting outputs that provide:

Trendlines (week-over-week, SLA adherence, backlog movement)

Exposure metrics (e.g., open vulnerabilities, aged findings, critical assets)

Ownership views (by division, product, or application)

Develop monthly analytical snapshots to:

Assess current-state risk posture

Identify structural improvements or regressions

Support governance and regulatory reporting

Build automated dashboards and reporting solutions in tools such as Power BI or Tableau.

4. Trend Analysis & Insight Generation

Perform deep-dive analyses to identify:

Root causes of vulnerability accumulation

Systemic control gaps or weak points

Trends across CVEs, products, and technology stacks

Develop models to support forecasting and predictive risk insights where feasible.

Translate analytical findings into clear narratives for senior stakeholders.

5. Stakeholder Engagement & Executive Communication

Partner with vulnerability management, risk, and engineering teams to:

Define reporting requirements and KPIs

Align on data definitions and governance standards

Deliver executive-ready insights answering:

What changed?

Why it changed?

Required Qualification

• s7+ years of experience in data science, analytics, or quantitative modeling, with a strong focus on security, risk, or vulnerability management domain
• sStrong proficiency in
• :SQL and relational data modeling, including designing and optimizing queries against large-scale security and operational dataset
• sPython (or similar) for data analytics, transformation, and automation of data pipelines used in vulnerability and risk analysi
• sExperience working with large-scale, complex datasets, particularly in environments with high-volume vulnerability telemetry, asset inventories, and security finding
• sStrong understanding of
• :Data modeling concepts (dimensional modeling, aggregation strategies) applied to security data (e.g., vulnerabilities, assets, controls, scan results
• )KPI development and performance measurement frameworks, including defining metrics such as vulnerability aging, remediation SLAs, risk scoring, and coverag
• eProven ability to translate complex data into clear, actionable insights, enabling prioritization of vulnerability remediation, risk reduction strategies, and measurable improvements in security postur

e
Preferred Qualificatio

• nsExperience i
• n:Cybersecurity or vulnerability management domai
• nsRisk analytics or regulatory reporting environmen
• tsFamiliarity with vulnerability construct
• s:CVEs, severity/priority frameworks (e.g., P1–P4, exploitability tier
• s)SLA-based remediation tracki
• ngExposure to data governance and data quality controls, including definitions and lineage manageme
• nt(Aligned with expectations for data governance and quality controls in similar roles
• )Hands-on experience building dashboards and visualization solutions (e.g., Power BI, Tableau) to communicate vulnerability posture, risk exposure, and remediation progress to both technical and executive stakeholde
• rsWhat Success Looks Li
• keA robust, scalable data model underpinning all vulnerability analyti
• csConsistent, automated weekly reporting with clear trend visibili
• tyMonthly insights that enable fact-based risk posture assessmen
• tsExecutive dashboards that clearly articulat
• e:Exposu
• reProgre
• ssRisk drive
• rsRequired decisio

ns