Vulnerability Management I Analyst II

Job Title: Vulnerability Management Analyst II

Function/Department:  IT/Security

Reports to: Manager, Vulnerability Management

FLSA: Exempt
 

POSITION SUMMARY

• The Vulnerability Management Analyst II will support the corporate-wide IT Vulnerability Management Program. This person will understand end-to-end vulnerabilities within our environment, determine cause and impact, and identify the corrective action needed to eliminate and prevent the event from happening in the future. They will partner with application and asset owners to remediate vulnerabilities found on their assets. The Senior Analyst will be the subject matter expert for vulnerability analysis within the team.

RESPONSIBILITIES

• Be the subject matter expert for vulnerability analysis within the team.
• Act as a mentor to other analysts and share knowledge with the team.
• Discover assets, scan them for vulnerabilities, and remediate them based on their criticality.
• Triage the vulnerability data from multiple sources (i.e., internal / external vulnerability scanning, internal / external penetration testing, etc.) and prioritize based on multiple factors including but not limited to severity, exploitability, risk, impact, etc.
• Partner with application and technology teams to troubleshoot, develop, select, implement, and automate appropriate security solutions to keep system data protected from internal and external threats.
• Provide support and resolution for scanning and vulnerability remediation reporting issues.
• Work with application and asset owners to effectively communicate the risks of identified vulnerabilities and make recommendations regarding vulnerability remediation and/or the selection of cost-effective security controls to mitigate identified risks.
• Assist in improving and automating existing vulnerability management lifecycle; including but not limited to data ingestion & normalization, compliance metrics and detections on assets.
• Participates in the creation, review, and maintenance of current and proposed processes and procedures and related documentation within the team.
• Communicating and working with teams at different levels, like GRC, Infrastructure, Application Teams, and Leadership.
• Track vulnerabilities throughout their life cycle from a reporting and metrics perspective.
• Provide analysis and validation post remediation, opportunities for improvements, and out of the box thinking for optimizations and solving roadblocks.
• Provide technical support for vulnerability management projects.
• Tap into various Threat intelligence feeds to see what new vulnerabilities are out there and proactively putting mitigation or remediation steps in place as needed.
• Troubleshoot data collection points that feed into the vulnerability management platform like agents, authentication records, etc.
• Manage application security catalogue and conduct ad hoc scans to validate findings from other tools.
• Work towards reducing the enterprise attack surface by scanning the external perimeter and using other tools like Security Scorecard or Bitsight.
• Leverage API calls and scripting to automate and streamline regular repetitive tasks in the VM platform.
• Engage with vendors to proactively address open tickets and resolve issues in a timely manner.

QUALIFICATIONS

• Bachelor's degree in Computer Science, MIS, Cybersecurity, or a related field of study.
• 3+ years of related experience, specifically in IT Operations, Security Operations, Vulnerability Management, and/or Incident Response.
• Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability management, response, and remediation efforts.
• Demonstrated experience with vulnerability scanning processes and tools (e.g., Qualys, Tenable, Rapid7, etc.)
• Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues.
• Excellent communication skills both written and oral using the English language.
• Ability to work comfortably and successfully in a fast-paced environment with frequent changes in priorities and ability to influence others or manage indirectly.
• Demonstrated experience in metrics collection, analytical, reporting, and communication skills.

About Company