Security Vulnerability Management Analyst

Job Title: Security Vulnerability Management Analyst
Job Location: New York, NY
Job Duration: 12 Months (possibility of extension)
Payrate: $35 - $45/ hr. on w2

Job Summary:

• The EITS Security Vulnerability Management Analyst will perform vulnerability scans, assess vulnerabilities identified and prioritize their remediation; help review and enhance the current vulnerability management program.
• This position will interface between various Information Technology teams and this individual must be able to articulate the vulnerabilities and remediations to the stakeholders.
• Additionally this individual should also be able to translate the IT security requirements and constraints of the business into technical control requirements and specifications, help in coordinating the IT organization's technical activities to implement and manage security.
• The EITS Security Vulnerability Management Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services with focus on vulnerability management.
• This individual will act as a subject matter expert in vulnerability management.

General Tasks and Responsibilities:

• Perform vulnerability scans across Client enterprise including the corporate data centers.
• Assess vulnerabilities identified by infrastructure and application scan, penetration testing, etc.
• Prioritize remediation of vulnerabilities discovered along with remediation timeline(s).
• Assist in providing support, planning and execution of remediation of vulnerabilities.
• Track and document vulnerabilities, create and maintain vulnerability management report(s).
• Attend regular team meetings and facilitate meetings between stakeholders, project leaders, and the Information Technology teams on remediation of vulnerabilities.
• Assess vulnerabilities in cloud, containerized, and DevOps environments.
• Help improve and automate existing vulnerability management program.
• Stay current with vulnerability information across all the products in Client environment, maintain knowledge of the threat landscape.
• Assist in integrating Client vulnerability management system with third party solutions like ServiceNow and other available products as and when needed.
• Work with various stakeholders to identify information asset owners.
• Assist in identification of emerging security technologies that can maintain or improve Client’s security posture, and implement them as and when required.
• Actively engage in security architecture solutioning.
• Keep informed on current threats and industry regulations.
• Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required.
• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Educational Level:

• A bachelor's degree in information systems.
• CISSP, CISM, GSEC, CEH, or other relevant security qualification.

Knowledgeable In:

• Experience with vulnerability scanning tools, preferably Rapid7.
• Experience with vulnerability and patch assessment.
• Strong knowledge of vulnerability scoring systems (Client S/CMSS), and security frameworks like OWASP (Open Web Application Security Project), MITRE Tele communication & CK.
• Good understanding of Windows and Linux patching.
• Excellent writing and communication skills in order to communicate findings and remediation status.
• Knowledge of network and operating system security.
• Knowledge of encryption algorithms, known vulnerabilities from alerts, advisories, errata and bulletins.
• Utilize/understand the use of open source tools such as Nmap, Shodan, and Metasploit to identify and confirm vulnerabilities and attack surface.
• Be able to create or modify scripts using frameworks such as PowerShell or Python in order to scan for and validate more complex vulnerabilities.
• Security architecture experience.
• Must possess a high degree of integrity and trust along with the ability to work independently as well as work as part of a fast-moving team.
• Strong Knowledge of infrastructure, application and security protocols in addition to configuration management techniques.
• Knowledge of network security architecture concepts, including topology, protocols, components, principles (e.g. application of defense-in-depth), and traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.).
• Experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI).
• Experience working with operating systems (Microsoft Windows, Linux, UNIX, etc).

Years of Experience:

• A minimum of ten years of IT experience, with at least 7 years dedicated to IT/Cyber Security, including Solution Design.

Other Preferred Skills:

• Participate in special projects as needed and perform other duties as assigned.
• Must be able to work at various locations when necessary along with working various shifts.
• Detail oriented, organized, methodical, follow up skills with an analytical thought process.
• Ability to learn new technologies.