Security Analyst/ Security Engineer (Vulnerability Management)
- Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
- Review and triage vulnerability alerts into manageable reports for other analysts and management to review
- Assist in asset management and vulnerability data-enrichment processes
- Manage vulnerability and configuration scanning tools, like setting up vulnerability scanners, scheduling scans, tuning scanning profiles, etc.
- Prepare security patch bundles and perform testing on those security patches for various types of endpoints (Windows, Linux, MacOS).Implement security patching on various types of endpoints (Windows, Linux, MacOS) and servers.
- Use asset risk profiles, vulnerability severity ratings, and threat information to communicate priorities for remediating vulnerabilities
- Provide stakeholders with advice and assistance in identifying false positives and cost-effective vulnerability remediation or mitigation solutions
- Develop security documentation under the guidance of the Vulnerability Management & Configuration Management Lead
- Assist in automated or manual patching remediation processes
- Provide support and input for assessing risks associated with unmitigated vulnerabilities and configuration weaknesses.
- Support asset management initiatives by assisting with asset identification, classification and ownership.
- Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
- Deliver and designing key vulnerability reporting metrics and KRIs
- Automate integration points with CMDB and other data-enrichment systems
- 3+ years of experience working in information security
- 2+ years of experience in vulnerability assessment & remediation
- Knowledge of common security framework like CIS, NIST, etc.
- Able to articulate how vulnerabilities translates to cyber-risks
- Experience conducting security risk assessments
- Experience of using vulnerability management tools like Tenable, Qualyst, InsightVM, Tripwire CCM , etc.
- Cloud experience (AWS, Azure and/or GCP) is required.
- Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
- Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
- High work ethic and sense of ownership for the delivered results.
- Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.