"I rejected resumes due to the lack of the fundamentally security skills and lack of understanding of how to communicate
technical explanations to non-technical audience. Which both attributes are important to this role."
The Vulnerability Management Analyst is part of the CIS Security Operations Vulnerability Management Team, that participates in the attack surface reduction of global computing assets through the identification and assessment of vulnerabilities. The Vulnerability Management Analyst is responsible for analysis of the data generated by the vulnerability management solutions, coordination with external stakeholders regarding their patching program effectiveness and completion of day to day tasks associated with vulnerability management program.
· Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
· Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.
· Provides analysis/validation of remediation actions taken, opportunities for improvements and out of the box thinking for optimizations and solving road blocks.
· Schedule and perform reoccurring scanning activities of both corporate and cloud environments utilizing enterprise platform.
· Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.
· Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline
· 2+ years of IT professional experience.
· Understanding of a variety of technical concepts such as: Networking, systems administration, application development, cloud computing and information security best practices.
· Experience with data analytics with the ability to provide qualitative analysis and recommendations.
· Strong verbal and written communication skills.
· Strong organizational and/or project management skills.
· Ability to develop strong working relationships with a variety of other enabling teams.
· Strong attention to detail, data accuracy, and data analysis.
· Self-motivated and operates with a high sense of urgency and a high level of integrity.
· Professional experience in Information Security.
· Vulnerability & Secure Code solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, AppSpider.
· Intermediate to Proficient in a scripting language such as Python, PowerShell.
· Previous experience working in large scale environments with diverse technologies.
Demonstrated technical experience with:
· Endpoint Operating systems such as Windows Servers, Desktops, Laptops, MacOS
· Server Operating systems such as Windows, Linux/UNIX Servers (Solaris, Red Hat Enterprise, Oracle Linux)
· Cloud Computing (AWS & Azure)
· Network Switching and Routing (Cisco, Juniper), Familiarity of TCP/IP and associated protocols.