Information Security, Vulnerability Analyst

The Vulnerability Analyst will be responsible for configuring vulnerability assessment tools, performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results for relevant operational teams.

‍

‍

‍

• Plans,  develops, and executes vulnerability scans of organization information  systems
• Review data  from threat and vulnerability feeds to assess applicability to the  organization
• Recommends security  controls and/or corrective actions for mitigating technical and business risk
• Performs  compensating controls analysis and validates efficacy of existing controls
• Identifies  and resolves false positive findings in assessment results
• Generates reports on assessment findings and prioritizes remediation schedules
• Produces vulnerability, configuration, and coverage metrics and reporting to  demonstrate assessment coverage and remediation effectiveness

‍

• Experience in  information security, especially in a vulnerability analysis role on a Computer  Incident Response Team (CIRT), Computer Emergency Response Team (CERT),  Computer Security Incident Response Center (CSIRC) or a Security Operations  Center (SOC)
• Experience  using at least one scripting language (e.g.: Perl, Python, PowerShell)
• Experience  and direct working knowledge of Information Security control frameworks such  as ISO/IEC 27001, NIST CSF, CobIT, etc.
• Technical  expertise in system security vulnerabilities and remediation techniques,  network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
• Technical  expertise in security engineering, system and network security,  authentication and security protocols, cryptography, and application security
• Knowledge of  Microsoft Windows and Linux systems
• Broad  understanding of various IT risk and threat assessment methodologies
• Solid coding  and scripting skills (Python, PowerShell, Java)