Vulnerability Remediation Analyst - Network
My client requires an experienced Vulnerability Analyst to join their project.
This position will be responsible for driving remediation efforts for network and host vulnerabilities throughout a global enterprise. They will partner with different business groups, technology functions and risk management teams to provide remediation guidance as needed.
The qualified candidate will possess a working knowledge of various operating systems (Linux, UNIX, Microsoft Windows, Cisco, and Palo Alto) and patch management solutions; utilizing that knowledge they will provide assistance to technology teams in remediating outstanding vulnerabilities and configuration flaws. The individual must have a knowledge of critical built-in security practices and a strong working knowledge of vulnerability and patch management at an enterprise level. This includes all aspects of the remediation process: identifying, tracking, reporting and working technology owners accountable for resolving open vulnerabilities on an aggressive timeline. The individual must have a knowledge of built-in security practices, knowledge of the application remediation life cycle, have excellent communications and time management skills, and be effective at influencing individuals outside of their reporting structure.
This is a hands-on role that involves evaluating the security posture of enterprise assets and working with teams to enforce corporate patch management policies. The position will work other team members to analyze vulnerability data, assist in the prioritization of emerging threats and report on overall risk and compliance.
* Excellent problem solving and analytical skills.
* Outstanding oral and written communication skills.
* Self-motivation and the ability to work under minimal supervision are a must.
* Experience with any of the following: Rapid7 Nexpose, Tenable Nessus, Qualys, and other network vulnerability assessment tools.
* Experience with any common patch management tools: SCCM, Avanti, BigFix, Satellite, and other patch management tools.
* Foundational knowledge of cloud-based infrastructures/software and how they affect security needs.
* Perform data validation and quality control checks to ensure adherence to risk management and IT requirements.
* Good working knowledge of industry and commonly adopted secure standards, practices (eg applicable NIST standards, CIS, ISO, OWASP, SANS, BISMM, and CERT).