We are seeking a dynamic and highly-skilled Vulnerability Analyst Engineer. You will be responsible for identifying, analyzing, and mitigating security vulnerabilities in our systems and applications. You will work closely with cross-functional teams to ensure the security and integrity of our IT infrastructure. Your expertise will play a critical role in protecting our assets and maintaining the trust of our clients and stakeholders.
Responsibilities
- Conduct regular vulnerability assessments and penetration tests on networks, systems, and applications.
- Analyze security vulnerabilities identified by various scanning tools and manual methods.
- Collaborate with IT and development teams to remediate identified vulnerabilities and ensure secure deployment of applications and systems.
- Develop and maintain security policies, procedures, and documentation.
- Monitor security advisories, bulletins, and reports to stay up-to-date with emerging threats and vulnerabilities.
- Perform risk assessments and provide recommendations for improving security posture.
- Prepare detailed reports and presentations on findings, risks, and remediation strategies for both technical and non-technical audiences.
- Assist in the development and implementation of security awareness programs and training for employees.
- Participate in incident response activities and provide expertise during security incidents.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Proven experience in vulnerability assessment, penetration testing, and security analysis.
- Proficiency with security tools such as Nessus, Qualys, Tenable, and others.
- Familiarity with security protocols and standards like SSL/TLS, IPsec, and SSH.
- Proficiency in operating systems, Windows and Linux environments.
- Understanding of TCP/IP, firewalls, VPNs, and other networking concepts.
- Experience with scripting languages (e.g., Python, Bash, PowerShell) and automation of security tasks.
- Familiarity with industry standards and regulations such as GDPR, HIPAA, PCI-DSS, and NIST guidelines.
- Excellent problem-solving skills and attention to detail.
- Strong communication and interpersonal skills, with the ability to explain technical concepts to non-technical stakeholders.
- Relevant certifications such as CEH, OSCP, CISSP, CISM, CVA, OSCP or similar are highly desirable.
•
Last updated on Aug 8, 2024