Vulnerability Management Analyst

Responsibilities

You can look forward to fast pace and dynamic hands-on experiences with engagements and project assignments designed to deepen your technical knowledge and overall experience in cybersecurity. Analysts in this role are expected to consistently learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect the business.

Your experience will include, but not be limited to:

• Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
• Collaborate with IT and security operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.
• Support IT operations' responsibility to remediate system and application vulnerabilities.
• Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
• Prioritize vulnerability remediation based on criticality, exploit probability, rating and business risk exposure.
• Document, prioritize, recommend, validate and report on the state of vulnerabilities.
• Recommend strategic and tactical options to reduce attack surface, containment alternatives and impede attackers.
• Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
• Remain current with emerging threats and share knowledge with colleagues to improve security posture.
• Maintain active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
• Define key performance indicators and metrics to illustrate efficacy with vulnerability management.
• Maintain documentation related to vulnerability policies and procedures.
• Serve as a point of contact for new and existing vulnerability-related issues.
• Supervise testing and validation vulnerability remediation and controls.
• Assist with change management operations to ensure vulnerabilities are not introduced.
• Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
• Willingness to work nonstandard business hours to respond to and mitigate threats.
• Perform daily monitoring of security tools and oversee remediation of items and/or alerts identified.
• Provide responsive support for events and incidents identified during normal working hours as well as outside normal working hours as needed.
• Respond to inquiries regarding our security controls.
• Perform in-house and third-party vulnerability testing, evaluate social engineering, conduct risk analysis and security assessments, and oversee remediation and post-remediation testing activities.
• Research the latest information (IT) security trends and recommend appropriate security controls, tools, and countermeasures.
• Respond to and manage disruptive events/incidents within the firm, analyze and investigate to determine if alerts or events warrant incident classification.
• Assist with or perform incident response technical activities to minimize impact to the firm.
• Interface with internal and external auditors for risk assessments
• Assist in defining enterprise level security policies and actively enforce these policies.
• Development of security related training materials and assist with the delivery of training to staff to understand security and implement the right strategies.
• Research and stay up-to-date on industry standards and any new vulnerabilities and risks.
• Perform other duties as directed by leadership.

Desired profile of the candidate

Detail-oriented leader with problem solving, communication, and analytical skills.

1+ years of Technical knowledge, understanding, and/or experience with several of the following:

- Blue Team (Blue Defensive Team) experience will preferred

- Vulnerability management software (e.g. Tenable Security Center, Nessus, etc.) is preferred

- Next-generation AV and EDR tools

- Web filtering solutions

- SIEM solutions

- Email security solutions

- Basic TCP/IP and wired/wireless networking technologies

- Active Directory groups, user accounts and Windows folder security structure

- Ability to prioritize work to compete task/activities based on intake queues and service level agreements (SLAs).

- Understanding of OWASP, CVSS and MITRE ATT&CK framework and the software development lifecycle.

- Experience with commercial and open-source vulnerability management solutions.

- Ability to influence the technical team and business units and collaborate to reduce attack surface.

- Knowledge of operating systems, applications, infrastructure and cloud computing services.

- Basic understanding of malware distribution, technical risks, and containment/mitigation is preferred.

- Knowledge of Microsoft Azure security practices will be a bonus.

- Capable of scripting in Python, Bash, JavaScript or PowerShell will be a bonus.

- Basic familiarity with compliance frameworks such as NIST.

- Basic familiarity with IT audit processes such as HIPAA.

Bachelors degree in computer science, management information systems, information assurance/cyber defense, computer engineering, or related field.

Contact information : 7507041844