Member of the Vulnerability Identification team responsible for supporting all Vulnerability management activities. Individual Contributor role involves supporting Endpoint Scanning, Compliance Monitoring & Vulnerability Analysis functions using Qualys, Symantec ESM/CCS & GRC tools. As a Team Member you will also be responsible for supporting scanning operations and deep dive analysis/verification of network and web-based findings. You will leverage your knowledge of penetration testing tools/techniques to identify, validate, escalate, and drive risks to closure through partnership with supporting information security teams. You will also analyze/respond to issues requiring the use of complex data (multi-structured, "big data") to fulfill requests for information from business partners (internal & external). Provide governance, guidance, and setting priorities for risk-based vulnerability management, mitigation and remediation by utilizing advanced techniques (text mining, statistical analysis). Provide information to stakeholders for their meetings to illustrate and communicate the state of information security risk relative to mitigating vulnerabilities that may impact operations, or that may cause reputation risk to the organization.
A successful candidate will be team oriented, collaborative, persistent, analytical, and detail oriented so that changes detected in the environment via scanning are assessed for risk and escalated appropriately. Typically 5-7 years of IT experience with 3+ of those focused towards penetration testing.
• Strong Project Management skills.
• Coordinates delivery of project milestones, ensures projects stay on target, escalating and identifying roadblocks.
• Must be able to identify, analyze and address problems to resolve issues whenever possible in way that minimizes negative impact and risk to the organization
• A broad knowledge of information security principles
• Solid experience in Vulnerability Scanning & Compliance Monitoring using Qualys and equivalent tools
• Ability to work independently on initiatives with little oversight.
• Motivated and willing to learn.
• Strong analytical skills/problem solving/conceptual thinking.
• Effective communication skills
• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Must have strong leadership skills and qualities which enable you to work with peers and various levels of management
• Ability to write scripts and query databases to extract and transform data.
• Exceptional analytical and critical thinking abilities; Able to develop and convey a point of view
• Knowledge of industry standard scoring models such as CVSS, CCSS.
• Knowledge of vulnerability attack methods.
• Ability to think strategically and execute against a strategic plan
• Professionalism, dependability, integrity and trustworthiness combined with a cooperative attitude. Able to thrive in a dynamic team environment
• Highly motivated self-starter with ability to multitask and complete assignments within time constraints and deadlines. Individual with desire to learn and teach others, high energy, positive attitude
• Subject matter expertise in one or more of the following:
Databases: Oracle, MSSQL, DB2, MySQL, SyBase
OS: Windows, UNIX/Linux
Middleware: Weblogic, WebSphere, Tomcat, Apache, IIS
Scripting: Python, SQL, PHP, BASH
• Bachelor's degree in Information Technology or related field
• Strong analytical skills/problem solving/conceptual thinking
• Ability to work with Technical and Non-Technical business owners
• Assist with internal efficiencies projects and development
• Experience with "big data" tools/techniques