Security Analyst - Vulnerability Management
|Duluth, Georgia - United States
$90,000.00 - $140,000.00 - US Dollars - Yearly
WHY IS THIS A GREAT OPPORTUNITY?
Our leading financial services client is searching for a highly skilled Senior (Level III) Security Analyst – Vulnerability Management with strong knowledge of QualysGuard for a six (6) month contract right-to-hire position offering some potential for direct hire in Duluth, GA.
Local (Duluth/Atlanta) area candidates only and no 3rd party or C2C.
In this role you will be primarily accountable for the vulnerability management lifecycle throughout company for the detection, prioritization, and remediation of vulnerabilities. Provide subject matter expertise on Patch and Vulnerability Management including leveraging best in class tools and partners for scanning and testing. Provide direct high-level analysis of specific or broad-scope security issues and risks identified by key systems and other sources. Produce analysis and reporting of cyber security risks and trends to inform decision-making processes and the holistic cyber security risk posture of the company. Oversee the risk-ranking process of newly identified vulnerabilities for prioritization and development of remediation plans. Regularly participate in vulnerability management, threat identification, and/or deep dive research projects as assigned to challenge assumptions and articulate true, proven cyber security risk within the company. Document & communicate analysis results or findings to both technical and business audiences.
- Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.
- Provide input, help prepare and update VM roadmap, develop, maintain, and publish project plans and operation schedules.
- Propose VM concepts/solutions and prepare presentations.
- Create and maintain SOPs for the VM program, provide technical knowledge to operations and production support teams.
- Maintain configuration control of VM hardware, systems, and application software, Coordinate upgrades and other maintenance activities on VM tools.
- Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.
- Prepare and maintain technical documentation of VM program.
- Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and prioritize remediation activities related to servers, storage, databases, appliances, web applications and network devices.
- Evaluation analysis and risk ranking of vulnerability findings in alignment with the NIST CVSS scoring framework.
- Lead and facilitate Vulnerability Management meetings for the review of findings and presentation of summary and detailed reports and trends.
- Preparation and submission of exceptions for findings planned outside of SLAs for remediation.
- Relationship Management with 3rd party Pen Testers and Managed Vulnerability Management System service provider.
- Planning and scheduling of ASV scans and 3rd party pen testing activities.
- Detail and Summary status reporting of vulnerability remediation.
- Collaborate on and provide VM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities.
- Help develop a long term VM strategy (3-5 years) that will address global information security needs (current state, gaps and opportunities).
- Bachelor’s degree and 5 years of related experience or equivalent training and/or experience.
- Proven Level 3 experience as a Security Analyst
- 3-5 years of hands-on experience with QualysGuard.
- At least 5 years’ of combined experience supporting Microsoft Windows Servers and endpoints, Linux & Unix servers, virtual infrastructure (e.g. ESXi), and network assets (e.g. routers, switches, firewalls, load balancers, etc.).
- At least 1 year of hands-on experience with vulnerability and configuration aggregation tools like ThreadFix, Qualys, BMC BladeLogic, SolarWinds, or Kenna Security.
- 2+ years’ experience developing and maintain vulnerability management policies, procedures, processes, and guidelines.
- 2 or more years’ experience developing remediation plans for vulnerability management, including Application Security, Vulnerability Scanning, and/or third-party Penetration Testing.
- Strong background in network security related technologies.
- 2+ years’ experience with Cybersecurity framework like NIST, COBIT, ISA, and ISO.
- 2 or more years’ experience with PCI-DSS 3.x standards.
- Knowledge of security best practices and procedures.
- Ability to provide support in resolving IT security or related product issues as required.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Experience managing projects or project work streams.
- Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders.
- Ability to provide direction and mentor less experienced teammates.
- Highly self-motivated and directed.
- At least one or more years’ experience with Agile framework
University - Bachelor's Degree/3-4 Year Degree