Role alignment
Vulnerability Management Analyst
Executive summary
Lab vulnerability management program with policy creation, stakeholder buy-in, authenticated scanning, prioritization, remediation, and verification.
Hiring relevance
The vulnerability management project shows the ability to turn scan output into prioritized remediation, communicate risk clearly, and validate that fixes reduced exposure.
Full technical write-up available
This portfolio page summarizes the project for hiring review. Use the Evidence Links section to read the full technical write-up and review the supporting project artifacts.
32 to 4
Total Vulnerabilities
100%
Critical Reduction
92%
High Reduction
88%
Medium Reduction
Problem
The simulated organization began without an established vulnerability management policy or operating process. The project needed to move from an unmanaged baseline to a repeatable program with governance, scanning permission, prioritized remediation, and verification.
Environment / Tools
Approach
- 1Drafted a vulnerability management policy that defined scope, responsibilities, remediation timelines, and a stakeholder review path.
- 2Simulated stakeholder and server-team meetings to secure buy-in, adjust remediation expectations, and authorize credentialed scanning.
- 3Provisioned an intentionally vulnerable Windows Server environment in Azure and performed authenticated vulnerability scans with Tenable Nessus.
- 4Prioritized remediation work by impact and ease of remediation, including third-party software removal, insecure protocol and cipher hardening, guest account group membership, Windows updates, WinVerifyTrust validation, and outdated software cleanup.
- 5Packaged remediation scripts and scan reports for remediation teams, then validated each remediation round through follow-up scans.
Evidence
- The project repository documents policy drafting, stakeholder buy-in, initial scan permission, authenticated scan results, remediation emails, CAB review, and seven scan exports.
- The remediation workflow includes generating PowerShell scripts for Wireshark removal, insecure protocol and cipher remediation, guest account cleanup, Windows updates, WinVerifyTrust validation, and outdated software removal or updates.
- The supporting CVE remediation mapping repository connects findings to Tenable plugin IDs, CVEs, CVE descriptions, remediation method, and script locations.
- The scripts repository provides the remediation scripts referenced by the vulnerability-to-remediation mapping.
Evidence chain
- 1.Tenable authenticated scan identifies vulnerable findings
- 2.Finding is mapped to Tenable plugin ID and CVE details
- 3.CVE score and description support remediation context
- 4.Remediation method is identified as PowerShell or Bash
- 5.Mapping links to the specific remediation script
- 6.Follow-up scans validate remediation progress
- 7.Final trend data shows reduction from 32 to 4 findings
Result
The full remediation cycle reduced total vulnerabilities from 32 to 4 across seven scans. Critical vulnerabilities were eliminated, high vulnerabilities decreased from 12 to 1, and medium vulnerabilities decreased from 17 to 2.
What I learned
- Vulnerability reduction depends as much on governance and stakeholder coordination as it does on technical scanning.
- Authenticated scanning and follow-up validation provide the evidence needed to show whether remediation actually worked.
- Prioritizing fixes by operational impact and remediation effort creates a practical path from baseline discovery to maintenance mode.