Security /Infrastructure Vulnerability Analyst
Location: Whitehouse Station, NJ or Remote
Duration: 6 months +
Job description
Infrastructure Vulnerability Analyst II
The Enterprise Platforms (our team) is responsible for coordinating and manage the vulnerability remediation associated with the application in assets in the organization. The infrastructure vulnerability management strategy is developed with input from information security team for each of these regions and translated into programs that are then executed by the regions using resources from each region.
The Tech Curency / Infrastructure Vulnerability Analyst will leverage analytic and technical skills to Client cyber risks; prioritize assets, assess risks and remediation/mitigation techniques; report on risks, and drive and track remediation/mitigation/acceptance of risk to improve security posture in the assets in North America. The qualified candidate will assess vulnerabilities, then collaborate with IT and business teams to ensure prompt and effective distribution of findings and that risk and incidents are addressed in the most effective and efficient manner possible. Also the candidate will coordinate the multiple tech currency initiatives that are in flight. This involves following up with the app teams / understand the hurdles, facilitate the conversation with the infra team to remediate that.
We are looking for individuals who have experience performing tech currency initiatives, vulnerability assessment and remediation activities and support the security team as part of the vulnerability management program. The position includes performing vulnerability analysis, review and validate vulnerability findings within the defined application including; O/S vulnerability analysis, written and verbal articulation of remediation recommendations, prioritizing remediation activities with application teams and follow up.
Duties & Responsibilities:
Assess new vulnerabilities, investigate solutions and compensating controls on information systems and infrastructure
Review and validate vulnerability findings
Prioritizing remediation activities with application teams through risk ratings of vulnerabilities and assets
Verify vulnerability remediation/mitigation
Interface with network and infrastructure team for any challenges in the remediation
Collate security incident and vulnerability findings to produce monthly and weekly management reports
Implement or coordinate remediation required by audits.
Assist in developing program quality metrics as both program performance indicators and enterprise risk indicators
Work with Application Vulnerability team as needed to integrate vulnerability findings against application level scans to mitigate the vulnerabilities.
Leverage Client inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
Monitor vulnerability mitigation and patching in vendor managed assets
Implement ad-hoc scans to verify the remediation status
Helping to develop the Client's next-generation vulnerability management program including formalized assessment criteria, integration with asset inventory and remediation tracking and governance.
Coordinate tech currency initiative for North America
Qualifications - External
Minimum Qualifications:
Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
Minimum 1-3 years of experience working in Information Security / Tech currency
Experience with management and use of Rapid7 Nexpose
Experience in operating vulnerability scanning infrastructure and services
Experience analyzing scans/reports from security scanning tools and other internal security tools related to risk and vulnerability
Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
Knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS)
Knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
Comfortable working outside their comfort zone with a willingness to learn
Excellent verbal and written communication skills
Strong analytical skills
Strong team player with ability to work independently
Strong project management skills and ability to multi-task
Self-motivated with strong initiative
Preferred Qualifications
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of specific operational impacts of cybersecurity lapses.
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Skill in performing impact/risk assessments.
Skill in program and project management.
Ability to identify systemic security issues based on the analysis of vulnerability and configuration
Knowledge in leading tech currency initiatives
•
Last updated on Jun 2, 2022