Overview
Cyber Vulnerability Management Analysts required to conduct vulnerability discovery, and security testing operations in order to:
- Develop and maintain the capability for identifying vulnerabilities to client Information Systems
- Drive remediation of vulnerabilities via proper measures and processes
- Develop and verify the presence of controls
- Provide technical and tactical advice to management
Ability to operate using consulting and influencing skills, and able to communicate security-related concepts to a broad range of Technical and non-technical staff and be a change agent to transform and enhance capabilities to meet current and future business drivers
Responsibilities
Vulnerability Management Operations:
- Performs and manages technical vulnerability discovery and analysis including the categorization of a discovered vulnerability, characterization of threat posed to information systems
- Facilitates remediation of vulnerabilities by recommending the proper course of action
- Develop and implement security controls testing capabilities
- Engage with stakeholders and SME’s to facilitate vulnerability discovery and remediation
- Perform technical security testing analysis either both overtly and covertly to verify the effectiveness of controls.
- Generate detailed technical analysis of findings as well as analysis consumable by non-technical audiences.
- Maintain knowledge of latest cyber threats and industry best practices
- Coach, teach, and Mentor other analysts enhancing their proficiency.
- Develop training programs for vulnerability and security testing
Service Product Management (10%)
- Support implementation of changes to processes and systems
- Supports creation of appropriate documentation, implementation and communication of established policy, procedures and operating standards for service/product
Security Plans (10%)
- Support reviews of existing security systems and recommends improvements in such areas as communication networks, physical, security, data access, computer hardware and software on all platforms
Additional responsibilities:
- Supports the delivery of solutions that protect information resources against unauthorized disclosure, modification or loss
- Assist in the rapid execution of information security initiatives by maintaining an appropriate level of prioritization, focus and persistence in an environment of significant change and growth
- Ensure that project objectives are delivered on time and meet stakeholder expectations for quality
- Provide consistent follow through with the Business Manager and IT Project manager on issues/concerns to ensure appropriate visibility and escalation where needed
- Must be able to manage project task execution independently and get all associated team members to deliver their tasks on time, without direct authority
- Provide security subject matter expertise
- Assess the security posture of applications and infrastructure using a variety of assessment tools and methodologies
- Executes in priorities and due dates set by his/her supervisor
Requirements
- Bachelor’s degree or equivalent experience
- Prefer certification in or working to obtain CISSP, CISA or CISM
- 3 – 9 years in IT Security/IT Operations, or equivalent positions
- Good understanding of Vulnerability Assessment and Technical Mitigation
- Good understanding of IT security practices, methodologies, tools, and trends
- Experience in Vulnerability Management technologies a plus
- Knowledge of vulnerability detection software a plus
- Able to produce technical reports
- Windows Server OS intermediate skills
- Basic Unix / Linux OS skills desired
- Familiarity with PKI concepts desired
- Basic IT network skills, familiarity with network address concepts
- Prefer experience in vulnerability discovery and reporting
- Strong team player / Excellent communication skills
- Self-driven personality and willing to learn new products and services