IT Vulnerability Risk Management Analyst
Job Description
IT Vulnerability Risk Management Analyst
Location: Oklahoma City, OK or Grapevine, TX
Description:
The IT Vulnerability Management Team is responsible for the development, enforcement and monitoring of security controls, ongoing security hardening of technology assets, and for the delivery of security services. Additionally, the team will be responsible for the Security Critical Controls of auditing and monitoring for secure configurations of hardware and vulnerabilities remediation's of software on various platforms. The team will also play a key role in staying apprised of current security threats and vulnerabilities, such as zero-day vulnerabilities.
RESPONSIBILITIES
Education/Certification:
Experience:
Education/Certification:
Location: Oklahoma City, OK or Grapevine, TX
Description:
The IT Vulnerability Management Team is responsible for the development, enforcement and monitoring of security controls, ongoing security hardening of technology assets, and for the delivery of security services. Additionally, the team will be responsible for the Security Critical Controls of auditing and monitoring for secure configurations of hardware and vulnerabilities remediation's of software on various platforms. The team will also play a key role in staying apprised of current security threats and vulnerabilities, such as zero-day vulnerabilities.
RESPONSIBILITIES
- Proactively architect and grow vulnerability scanning, identification, and risk ranking.
- Provide direction to the company's current security program and continue to push it forward.
- Develop team talent and act as the Subject Matter Expert for Vulnerability Management.
- Track and provide technical guidance for vulnerability remediation through ticketing system.
- Facilitate discussions with stakeholders to come up with mutually agreed upon plans for patching.
- Communicate risks in a meaningful way to business units that may be unfamiliar with security.
- Become a SME and leader of the ongoing processes involving vulnerability scanning, reporting, and assessment.
- Design and manage asset groups in vulnerability scanners in a rapidly changing environment while taking in account workloads on workstations, servers, and networked devices.
- Support the Patch Tuesday Process for Microsoft Patching.
- Recommend and monitor security hardening settings for technology assets.
- Audit critical controls: Security Agents, Data protection, and malware defenses.
- Stay up to date and current on any vulnerabilities (including Zero-Day).
- Establish and understand baseline configurations for operating systems.
- Update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
- Collaborate with IT, security, human resources, and legal to ensure full legal compliance of company policies, procedures, forms, notices, and materials.
- Document and report on specific duties, activities, problems solved, and issues resolved.
- Perform additional duties and assignments as requested.
- Work outside the standard office 8-hour workday may be required with on-call availability.
Education/Certification:
- Bachelor’s degree in Computer Science, Engineering, Cyber Security, or related field
- Industry relevant certification required.
Experience:
- 5+ years of vulnerability management and/or security administration
Education/Certification:
- Industry Certification (GCIH, GCIA, GMON, CISSP, CEH, Sec+, CySA+, etc.) preferred.
- 3-5 years of System Administration
- 2-5 years of Automation or Scripting
- Strong knowledge of threats and vulnerabilities associated with cloud and on-premise security.
- Strong familiarity with Vulnerability Management scanning and reporting tools.
- Extensive experience with information security principles and practices to include, but not limited to, the following areas: Vulnerability Scanners; Zero-day Response; Risk Reporting; Attack Surface Management; Host Based Security; Cloud Security; Security Information and Event Management systems.
- Familiarity with implementing/auditing industry standard hardening practices (NIST/ CIS controls)
- Understanding of scripting languages (Python, Powershell, Bash, T-SQL (MySQL/MSSQL), PHP, Perl, JavaScript, C#, HTML) is recommended but not required.
- Provide technical recommendations to system owners to propose mitigation and remediation solutions.
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers, and via other education opportunities.
- Strong analytical and problem-solving skills.
- Highly responsive with an ability to handle escalations quickly and professionally.
- Strong verbal and written communication skills
- Maintain effective working relationships with supervisor and coworkers.