Bachelor's Degree in Computer Science, Engineering, or other technical discipline, or equivalent relevant experience.
1-3 years of experience in Information Security / Tech currency.
Experience with management and use of Rapid7 Nexpose (preferred).
Experience operating vulnerability scanning infrastructure and analyzing scans/reports related to risk and vulnerability.
Requirements:
Assess new vulnerabilities, investigate solutions and compensating controls on information systems and infrastructure.
Review and validate vulnerability findings; prioritize remediation activities with application teams through risk ratings.
Verify vulnerability remediation/mitigation; interface with network and infrastructure teams to address challenges; collate security incidents and vulnerability findings to produce monthly and weekly management reports.
Coordinate North America tech currency initiatives and assist in developing the next-generation vulnerability management program.
Job description
The Enterprise Platforms (our team) is responsible for coordinating and manage the vulnerability remediation associated with the application in assets in the organization. The infrastructure vulnerability management strategy is developed with input from information security team for each of these regions and translated into programs that are then executed by the regions using resources from each region.
The Tech Curency / Infrastructure Vulnerability Analyst will leverage analytic and technical skills to Client cyber risks; prioritize assets, assess risks and remediation/mitigation techniques; report on risks, and drive and track remediation/mitigation/acceptance of risk to improve security posture in the assets in North America. The qualified candidate will assess vulnerabilities, then collaborate with IT and business teams to ensure prompt and effective distribution of findings and that risk and incidents are addressed in the most effective and efficient manner possible. Also the candidate will coordinate the multiple tech currency initiatives that are in flight. This involves following up with the app teams / understand the hurdles, facilitate the conversation with the infra team to remediate that.
We are looking for individuals who have experience performing tech currency initiatives, vulnerability assessment and remediation activities and support the security team as part of the vulnerability management program. The position includes performing vulnerability analysis, review and validate vulnerability findings within the defined application including; O/S vulnerability analysis, written and verbal articulation of remediation recommendations, prioritizing remediation activities with application teams and follow up.
Duties & Responsibilities:
• Assess new vulnerabilities, investigate solutions and compensating controls on information systems and infrastructure
• Review and validate vulnerability findings
• Prioritizing remediation activities with application teams through risk ratings of vulnerabilities and assets
• Verify vulnerability remediation/mitigation
• Interface with network and infrastructure team for any challenges in the remediation
• Collate security incident and vulnerability findings to produce monthly and weekly management reports
• Implement or coordinate remediation required by audits.
• Assist in developing program quality metrics as both program performance indicators and enterprise risk indicators
• Work with Application Vulnerability team as needed to integrate vulnerability findings against application level scans to mitigate the vulnerabilities.
• Leverage Client inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
• Monitor vulnerability mitigation and patching in vendor managed assets
• Implement ad-hoc scans to verify the remediation status
• Helping to develop the Client's next-generation vulnerability management program including formalized assessment criteria, integration with asset inventory and remediation tracking and governance.
• Coordinate tech currency initiative for North America
Qualifications - External
Minimum Qualifications:
• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
• Minimum 1-3 years of experience working in Information Security / Tech currency
• Experience with management and use of Rapid7 Nexpose-Preferred
• Experience in operating vulnerability scanning infrastructure and services
• Experience analyzing scans/reports from security scanning tools and other internal security tools related to risk and vulnerability
• Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
• Comfortable working outside their comfort zone with a willingness to learn
• Excellent verbal and written communication skills
• Strong analytical skills
• Strong team player with ability to work independently
• Strong project management skills and ability to multi-task
• Self-motivated with strong initiative
Preferred Qualifications
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of specific operational impacts of cybersecurity lapses.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in performing impact/risk assessments.
• Skill in program and project management.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration
• Knowledge in leading tech currency initiatives
• I need someone with a high level understanding and experience of Excel and can work independently
