The primary role of this position is to drive process and execution of discovery, reporting, prioritization and remediation of vulnerabilities across disparate spaces including, but not limited to, operating system (i.e., Windows, Unix, Linux), application, network, and database vulnerabilities across Client managed and third-party applications and services.
- Develop action plans and processes for vulnerability and patch remediation, risk assessments and drive execution of any remediation actions.
- Develop hardening guidelines for new technologies and applications.
- In partnership with the Business and IT groups, the Vulnerability Management Analyst will provide guidance and solutions to facilitate the assessment and alignment of application services, vulnerability management, and risk awareness to the information security objectives.
- Define and execute the process for capture, calculation, consolidation, and presentation of vulnerability metrics for the global enterprise.
- Maintain vulnerability management policies, procedures, and training.
- Perform network and application-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts.
- Perform comprehensive vulnerability assessments and continuous monitoring across the organization.
- Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to the computing environment, and communicating applicable vulnerabilities and recommended corrective actions to impacted teams.
- Research new threats, vulnerabilities, exploit techniques and develop new methods of testing new threats.
- Be an advocate for and champion best practice security configuration and hardening.
- Manage vulnerability related tickets to ensure issues are remediated within proper timelines.
- Bachelor’s degree* in Computer Science, Cybersecurity, or related field required; Master's degree preferred.
- Minimum of 5 years IT Security experience required.
- Direct experience with providing vulnerability and threat analysis, understanding of risks, and mitigating controls, prioritization and coordination of resulting action using Vulnerability Management tools (e.g., Tenable, Qualys, etc).
- Previous experience with compliance frameworks, their implementations and driving an organization to adhere both to compliance requirements and appropriate security standards.
- Knowledge of routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
- Strong knowledge on Vulnerability Management & remediation of OS, App, Network & DB vulnerabilities. Strong knowledge of industry standards regarding vulnerability management including Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE).
- Strong understanding of and experience with patch automation, security orchestration, and management tooling for on premise, private cloud, and cloud infrastructure.
- Awareness of industry frameworks and best practices: Threat Modelling, OWASP, SANS Security Model.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor CISM), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP) or other similar certification preferred.
- Ability to develop innovative risk mitigation solutions that address core issues with limited supervision.
- Excellent written and verbal communication skills.
- Professional demeanor and ability to interface with all levels of the organization.
*Degree must be from a school that is accredited by an accrediting agency recognized by the Secretary of Education of the U.S. Department of Education or equivalent program from an international university.