Sr Analyst - Vulnerability Management in Atlanta, GA at HUNTER Technical Resources

Date Posted: 10/17/2019

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Atlanta, GA
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    10/17/2019
  • Job ID:
    4767600

Job Description


Sr. Analyst - Vulnerability Management
 

Position Description:

The vulnerability management team hunts for and prioritizes vulnerabilities that could lead to a breach of confidentiality, integrity or availability of sensitive information. The Senior vulnerability analyst collaborates with his/her peers in the Information Security Office, the company's asset owners, and other company IT staff to improve the company's information security posture and reduce the likelihood of a disruptive cybersecurity event.

• Responsible for implementing, configuring and maintaining vulnerability and compliance scanning tools such as QualysGuard, AlertLogic, AppScan, and Nessus

• Conduct scheduled and ad hoc application and system scans: research and analyze vulnerabilities, identify relevant threats, recommend corrective actions, and summarize and communicate findings effectively

• Ensure data flows are maintained between internal tools and the enterprise-wide reporting dashboard

• Develop and manage scanning/profiling tools and automated tasks

• Perform and post results of scheduled and on-demand vulnerability assessments

• Provide technical feedback on proposed solutions to identified vulnerabilities

• Interface with vendor support teams to keep abreast of developments in product lines

• Research security testing tools, techniques, and processes

• Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities

• Recommend approaches for addressing vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes

• Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the security operations center (SOC)

• Promote collaboration with our stakeholders and Red Team researchers to prioritize the remediation of vulnerabilities and close potential attack vectors.

• Understand asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected

• Develop the vulnerability reports and score cards that define the current state of the corporate network security risk posture.

• Mentor and train more junior staff in vulnerability management and awareness: prioritization of vulnerabilities, attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.

• Work closely with the Security Incident Response Team and Architecture team members to help improve the team's detection, prevention and response capabilities

• Work with business leaders and other ISO staff to prioritize vulnerability findings for remediation

• Other duties as required.

Qualifications:

• 2+ years of cyber security experience

• 4-6 years of technology experience

• Ability to utilize best-in-class practices and determine best remediation path

• Intermediate level knowledge of Windows and two or more of the following operating systems: *NIX, OS X, iOS, etc.

• Demonstrated knowledge of web application security tools such as Qualys, Splunk, AlertLogic, Burp, nmap, Metasploit, etc.

• Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel) and other standard (Customer specified) applications.

• Demonstrated knowledge of TCP/IP protocols, network analysis, and network/security applications

• Demonstrated experience with scripting languages, such as PowerShell, Python, Bash, PHP, etc., preferred

• Excellent analytical and problem-solving skills

• Strong interpersonal, oral and written communication skills

• The personality traits, work habits, and social skills necessary to work effectively within a dynamic and highly operational broadcast environment

• Exemplary personal and professional integrity

• Certifications in related areas (e.g. CISSP, SANS GPEN/GWAPT/GXPN, OSCP, CEH) are preferred.