Participates as an individual contributor supporting the continual maintenance and improvement of an Enterprise Vulnerability Management program and related processes. Works collaboratively with the corporate business groups to ensure that a consistent and integrated approach, aligned to the overall business mandate, is applied to Vulnerability Management and Forensics. As a representative of Enterprise Information Security (EIS), the position supports the appropriate design, implementation, and/or execution of the Vulnerability Management and Digital Forensic functions. This position requires a tenacious individual with strong technical skills; strong communication, problem-solving, relationship and consensus-building skills; and a high degree of personal initiative and attention to detail.
Duties & Responsibilities:
- Serve as a vulnerability management analyst for information systems
- Perform routine security assessments encompassing engagement activities, intelligence gathering, threat modeling, vulnerability analysis, exploitation and reporting
- Provide and support E-Discovery and Legal Hold Investigation efforts and service offerings
- Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components
- Perform compliance scanning to analyze and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
- Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
- Communicate security and compliance issues in an effective and appropriate manner
- Recommend and validate appropriate remedial actions to mitigate risks and ensure information systems employ the appropriate level of information security controls
- Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
- Evaluate, select, and implement new emerging security technologies
- Perform maintenance and upgrades of existing security technologies
- Contribute to the maintenance and growth of the E-Discovery and Forensic analysis programs and capabilities
- Work with team members and business partners to maintain and improve the Legal Hold and investigation process
Salary: Not Disclosed by Recruiter
Industry: IT-Software / Software Services
Functional Area: IT Software - Network Administration, Security
Role Category: Programming & Design
Employment Type: Permanent Job, Full Time
Desired Candidate Profile
Related Education & Experience:
Bachelor's in a related curriculum such as Information Technology (IT) with 1-3 years of related experience
Include demonstrated competencies and physical, mental, & interpersonal skills
- Information security experience with focus on vulnerability management, penetration testing and/or forensic investigations preferred
- CISSP, CRISC or CISM preferred
- Familiar with risk and control frameworks, and process improvement models (e.g. PCI DSS, NIST RMF, HIPAA, ISO 27002, ITIL, PTES)
- Prior experience working with diverse, cross-functional, cross-departmental projects, and technologies
- Well-rounded understanding of technology, operations, and key business processes
- Strong interpersonal skills and excellent written and verbal communication skills
- Intermediate to advanced proficiencies with MS Excel, MS Word, and MS PowerPoint
- Demonstrates a high degree of ethics; instills trust and credibility
- Effectively identifies, collaborates, and maintains relationships with relevant stakeholders
- Portrays strong facilitation, negotiation, and conflict resolution skills
- Translates requirements and risk concepts into relevant and understandable terms
- Manages individual workload to deliver with excellence on simultaneous projects and priorities, each with tight schedules
- Familiarity with vulnerability exploitation concepts
- Experience with Penetration Testing Execution Standard (PTES)
- Experience with industry standard vulnerability scanning tools
- Experience with E-Discovery, Legal Holds, and handling of Forensic Data/Evidence is preferred
- Possesses knowledge of other security related technologies