Sr. Vulnerability Analyst provides vulnerability management governance and advisory services to business units who own products or technology assets that contain vulnerabilities. This role will support asset groups across the organization in an effort to reduce the threat footprint by identifying vulnerabilities and associated dependencies, in coordination with IT resources, and track remediation efforts.
Knoweldge:
Understand vulnerability management best practices
Knowledge of vulnerability scanning tools, their function and understanding of the information that is being generated.
Ability to assess vulnerabilities, evaluate weaknesses, provide remediation recommendations for multiple operating systems, platforms, databases, servers, networking devices, workstations.
Working knowledge of security frameworks such as NIST, SCF, PCI.
Familiar with various security architectures and methodologies (Defense in Depth, Kill-Chain, NIST, Critical Controls, OWASP, etc.)
Understanding of vulnerability Metrics, KPI's
Ability to present technical information in non-technical terms for business consumption
Skills:
Excellent analytical and problem-solving skills
Familiar with Scanning tools used in vulnerability management
Ability to demonstrate empathy while seeking common interests; effective problem and conflict resolution skills
Familiar with government security standards and regulations including GLBA, SOX, PCI, COBIT, ITIL
Excellent written and verbal communication skills
Ability to partner and influence other groups or asset owners to improve vulnerability management remediation
Scripting skills (Shell, Python, Java, PHP, PowerShell, etc.) preferred but not required
Education and Experience:
Bachelor's or Associate degree in Information Systems, Computer Science, or Cyber Security, or equivalent work experience
3 years working in IT security domain
Working knowledge of Splunk, query building, dashboard validation - preferred
Certifications:
One or more of the following professional certifications: CISSP, CISM, SANS (GSEC, GCIA, GPEN, etc.), CISA, Security Preferred