Sr. Vulnerability Analyst provides vulnerability management governance and advisory services to business units who own products or technology assets that contain vulnerabilities. This role will support asset groups across the organization in an effort to reduce the threat footprint by identifying vulnerabilities and associated dependencies, in coordination with IT resources, and track remediation efforts.
- Understand vulnerability management best practices
- Knowledge of vulnerability scanning tools, their function and understanding of the information that is being generated.
- Ability to assess vulnerabilities, evaluate weaknesses, provide remediation recommendations for multiple operating systems, platforms, databases, servers, networking devices, workstations.
- Working knowledge of security frameworks such as NIST, SCF, PCI.
- Familiar with various security architectures and methodologies (Defense in Depth, Kill-Chain, NIST, Critical Controls, OWASP, etc.)
- Understanding of vulnerability Metrics, KPI’s
- Ability to present technical information in non-technical terms for business consumption
- Excellent analytical and problem-solving skills
- Familiar with Scanning tools used in vulnerability management
- Ability to demonstrate empathy while seeking common interests; effective problem and conflict resolution skills
- Familiar with government security standards and regulations including GLBA, SOX, PCI, COBIT, ITIL
- Excellent written and verbal communication skills
- Ability to partner and influence other groups or asset owners to improve vulnerability management remediation
- Scripting skills (Shell, Python, Java, PHP, PowerShell, etc.) preferred but not required
Education and Experience:
- Bachelor’s or Associate degree in Information Systems, Computer Science, or Cyber Security, or equivalent work experience
- 3 years working in IT security domain
- Working knowledge of Splunk, query building, dashboard validation - preferred
- One or more of the following professional certifications: CISSP, CISM, SANS (GSEC, GCIA, GPEN, etc.), CISA, Security Preferred