Data Security Analyst
JOB DESCRIPTION: Technical Information Security Analyst – Vulnerability Management
KEY ACCOUNTABILITIES
Contribute to the development and maintenance of the vulnerability management program and technologies supporting information security including: development of processes, documentation, and maximizing tooling
Daily assessment of vulnerabilities identified by infrastructure scan
Evaluate, rate and perform risk assessments on assets
Prioritizing vulnerabilities discovered along with remediation timeline(s)
Send and receive notifications to the SMEs of vulnerabilities within the environment
Interaction with multiple global teams (security architecture, penetration testing, application development, etc)
Maintain knowledge of the threat landscape
Provide reporting and analysis and follow up
Provide vulnerability analysis and produce reports for management
Participate collecting, assessing, and cataloging threat indicators
Create and maintain reporting of vulnerability management
Perform other related duties as assigned
KNOWLEDGE, SKILLS and EXPERIENCE
2+ years of exposure to operations production and technology environment and/or various environments preferred to be within the financial services industry and/or vulnerability management
Experience with vulnerability and patch assessment
Good understanding of Windows and Linux patching
Knowledge of vulnerability scoring systems (CVSS/CMSS)
Experience on vulnerability scanning tools
Knowledge of application, network and operating system security
Ability to learn new technologies
Excellent writing and presentation skills are required in order to communicate findings and status
Cleary communicate priorities and escalation points/procedures to other team members
Detail oriented, organized, methodical, follow up skills with an analytical thought process
Excellent communication skills, especially related to facilitation, documentation and reporting
Strong organizational skills
Prior experience with Project Management
Reasonable depth of exposure/understanding of information technology processes and best practices
Excellent team skills, both as a leader and as a team player
Expected educational background for this position would include:
Preferred industry certification in Information Security such as: CISSP, Security+, Network+, SANS
Monitoring tools
Security architecture experience a plus