- Job Title: Data Scientist – Vulnerability Analytics & Risk Intelligence
- Contract:1-Year
- Location: Montreal (Remote Role)
- Job Description
- :Role Overvie
- wWe are seeking a Data Scientist to design and implement advanced analytics methodologies that enable measurement, trending, and insight generation across the firm’s vulnerability landscape
- .This role will sit at the intersection of cybersecurity, data science, and risk management, developing scalable data models and analytics capabilities to transform large, complex vulnerability datasets into actionable intelligence and executive-ready reporting
- .The ideal candidate will build foundational data structures and analytical techniques that support weekly operational reporting, monthly risk assessment snapshots, and long-term trend analysis, enabling leadership to clearly understand risk posture, remediation progress, and emerging exposure patterns
- .Key Responsibilitie
- s1. Data Modeling & Architectur
- eDesign and implement scalable data models that integrate vulnerability data across multiple systems (e.g., cloud, infrastructure, application, endpoint)
- .Standardize and normalize disparate vulnerability data sources into a consistent, queryable structure, supporting aggregation and cross-domain analysis
- .Partner with data engineering teams to ensure efficient ingestion, transformation, and storage pipelines
- .2. Analytical Methodology Developmen
- tDevelop quantitative methods to
- :Measure vulnerability exposure and risk postur
- eTrack remediation effectiveness over tim
- eIdentify drivers of exposure (e.g., asset type, product, CVE clustering, ownership
- )Determine how to measure Mean Time to Patc
- hBuild frameworks to distinguish
- :One-time remediation issues vs. recurring systemic vulnerabilitie
- sStable vs. volatile vulnerability population
- s3. Reporting & KPI Framework Developmen
- tDesign and implement weekly reporting outputs that provide
- :Trendlines (week-over-week, SLA adherence, backlog movement
- )Exposure metrics (e.g., open vulnerabilities, aged findings, critical assets
- )Ownership views (by division, product, or application
- )Develop monthly analytical snapshots to
- :Assess current-state risk postur
- eIdentify structural improvements or regression
- sSupport governance and regulatory reportin
- gBuild automated dashboards and reporting solutions in tools such as Power BI or Tableau
- .4. Trend Analysis & Insight Generatio
- nPerform deep-dive analyses to identify
- :Root causes of vulnerability accumulatio
- nSystemic control gaps or weak point
- sTrends across CVEs, products, and technology stack
- sDevelop models to support forecasting and predictive risk insights where feasible
- .Translate analytical findings into clear narratives for senior stakeholders
- .5. Stakeholder Engagement & Executive Communicatio
- nPartner with vulnerability management, risk, and engineering teams to
- :Define reporting requirements and KPI
- sAlign on data definitions and governance standard
- sDeliver executive-ready insights answering
- :What changed
- ?Why it changed
- ?
- Required Qualificatio
- ns7+ years of experience in data science, analytics, or quantitative modeling, with a strong focus on security, risk, or vulnerability management domai
- nsStrong proficiency i
n:
- SQL and relational data modeling, including designing and optimizing queries against large-scale security and operational datas
- etsPython (or similar) for data analytics, transformation, and automation of data pipelines used in vulnerability and risk analy
- sis
- Experience working with large-scale, complex datasets, particularly in environments with high-volume vulnerability telemetry, asset inventories, and security find
- ings
- Strong understandin
- g of:Data modeling concepts (dimensional modeling, aggregation strategies) applied to security data (e.g., vulnerabilities, assets, controls, scan res
- ults)
- KPI development and performance measurement frameworks, including defining metrics such as vulnerability aging, remediation SLAs, risk scoring, and co
- verage
- Proven ability to translate complex data into clear, actionable insights, enabling prioritization of vulnerability remediation, risk reduction strategies, and measurable improvements in security
- posturePreferred Qualifi
- cationsExperie
- nce in:Cybersecurity or vulnerability management
- domainsRisk analytics or regulatory reporting envir
- onmentsFamiliarity with vulnerability cons
- tructs:CVEs, severity/priority frameworks (e.g., P1–P4, exploitability
- tiers)SLA-based remediation t
- rackingExposure to data governance and data quality controls, including definitions and lineage man
- agement(Aligned with expectations for data governance and quality controls in similar
- roles )Hands-on experience building dashboards and visualization solutions (e.g., Power BI, Tableau) to communicate vulnerability posture, risk exposure, and remediation progress to both technical and executive stake
- holdersWhat Success Loo
- ks LikeA robust, scalable data model underpinning all vulnerability an
- alyticsConsistent, automated weekly reporting with clear trend vis
- ibilityMonthly insights that enable fact-based risk posture asse
- ssmentsExecutive dashboards that clearly arti
- culate:E
- xposureP
- rogressRisk
- driversRequired de
cisions
Mention you found this on Data First Jobs — it helps us bring you more roles like this.
Data Security Analyst
Soho Square Solutions
Similar Analytics Jobs
View all Analytics jobs→Tundra Technical Solutions
Senior Business Analyst
New
Brant County, Ontario (Canada)$70,000 - $80,000
TD
Credit Analyst II
New
Saint-Léonard-d'Aston, Quebec (Canada)
TD
Senior FCRM Testing Analyst (4558)
New
Toronto, Ontario (Canada)
Lincoln Property Company
Risk Analyst
New
Dallas, Texas (USA)
Aptino, Inc.
Capital Markets Application Support Analyst
New
Toronto, Ontario (Canada)$50,000 - $50,000
State of Delaware
Management Analyst II
New
Delaware (USA)
Like this role? Get carefully selected jobs like it, twice a week, straight to your inbox.
Free, no spam. Unsubscribe anytime.