The Vulnerability Analyst will be the primary point of contact for the Information Security team interfacing with other areas of the Information Technology organization on remediation efforts for discovered vulnerabilities. This role will provide insights and guidance on discovered vulnerabilities and how to effectively manage the associated risk, as well as organizing and tracking large datasets across multiple teams. Drive improvements over time through the management, analysis and tracking of vulnerabilities discovered while building and maintaining effective relationships with technology partners to adequately report functional requirements for vulnerability remediation based on criticality and impact. Success in this role will be determined by tracking, reporting, and remediating multiple data points across multiple teams.
Essential Job Duties:
•Develop, communicate, and manage vulnerability scanning processes, guidelines, and standards
•Configure, update, and manage scan policies to ensure 100% coverage of scanning
•Coordinate patch management with IT Teams to ensure timely remediation on discovered vulnerabilities
•Create and execute weekly scans, weekly reports, document vulnerabilities, coordinate the remediation of discovered vulnerabilities with the InfoSec and IT teams
•Implement, track, and drive improvements on Vulnerability scanning KPIs and SLAs
•Review existing security controls to make an informed risk decision on discovered vulnerabilities
•Report and track remediation status to leadership and stakeholders
•Review compensating controls and ensure findings on vulnerabilities align to risk
•Assist in the development and implementation of automated solutions to address daily manual tasks
•Align process and outcomes to all applicable regulations and cybersecurity frameworks
•Ability to quickly understand systems in order to identify and validate security vulnerabilities.
•Work analytically to solve both tactical and strategic problems within the vulnerability management program.
•Establish a rapport with other IT and InfoSec teams to mature the vulnerability management program and actively contribute and participate in team activities and planning that improving team skills, awareness, communication, reputation, and quality of work.
•Manage the detection and analysis of threat intelligence through various third-party sources and align those to the business through a threat triage process for remediation, action, or education.
•Bachelor's degree and minimum 4 years of experience in Information Security, Information Assurance and/or Cyber Security space. Additional relevant experience and professional certifications will be considered in lieu of a degree.
•Must be a critical thinker with strong problem-solving skills.
•Ability to think at systems / architecture level. (i.e. How do all the parts of the solution fit together not just design at element level)
•Demonstrated logical and structured approach to time management and task prioritization in support of teamwork goals.
•Possesses a strong collaborative mindset, able to function as a contributing member of the team.
•2-5 years of Vulnerability Analyst experience and experience with Tenable, Rapid7, or Qualys
•Experience with network security scanners, and an understanding on how attackers exploit vulnerabilities in the wild.
•Experience in the information security field designing and implementing enterprise vulnerability management processes and solutions.
•Deep and broad understanding related to security encompassing end point technologies, applications, application hosting, physical and virtual data center hosting.
•Solid skills in Windows and Linux, Encryption and networking, and have in-depth knowledge and work experience with security best practices.
•Knowledgeable with token/certificate-based authentication, DNS, and AD structure.
•Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
•Accustomed to information security risk assessments processes
•High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
•High degree of initiative, dependability and ability to work with little supervision.
•Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
Candidates must have permanent authorization to work in the United States. In addition, candidates must be fully vaccinated for Covid-19, except those who have an approved medical or religious exemption.
Ice Miller is an Equal Opportunity Employer.