Information Security Threat, Vulnerability & Risk Analyst

Versant Health | Troy, NY
1d | $100,000 - $110,000

About The Position

Reporting to the Manager, Information Security - Threat, Vulnerability, and Risk, the Information Security Threat, Vulnerability, and Risk Analyst is responsible for the secure design and compliance of enterprise architecture to effectively and securely support the organization in meeting specific information security and business technology needs. The Analyst will ensure compliance with the organization’s vulnerability patch management program, information security requirements and controls, identify gaps in our security defenses, and perform assessments of existing and incoming vendor solutions and consulting engagements which impact organizational systems, networks and/or data. These measures include, but are not limited to, assessing infrastructure assets and providing best practices to stakeholders.

Requirements

  • 3+ years of Information Security experience, particularly in Security Engineering and Security Operations required
  • Experience with cybersecurity vulnerability management and analysis and compliance monitoring required
  • Working understanding of the use of vulnerability detection/identification tools such as Qualys, Tenable, etc. required
  • Experience working as part of a patch management process and familiarity with patching tools (e.g., SCCM, JAMF, KACE, etc.) required
  • Desktop, server, application, database, and network security hardening principles and practices for threat prevention required
  • Knowledge of methods for ongoing evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing and assessment tools) required
  • Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management required
  • Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice required
  • Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE) required

Nice To Haves

  • Experience in IT controls monitoring for regulatory and compliance requirements like CIS, HITRUST, SOC 2, and/or NIST preferred
  • CompTIA Security+, CompTIA Cybersecurity Analyst+, or Certified Cloud Security Professional (CCSP)

Responsibilities

  • Conduct recurring vulnerability scans; audit and track mitigation activities through to completion
  • Conduct self-assessments and coordinate third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas
  • Conduct scheduled, targeted (in response to advisories and remediation verification), and ad-hoc IT compliance checks and vulnerability scans for the Versant Health global enterprise
  • Investigate and validate risk levels associated with vulnerabilities identified via vulnerability scanning tools (Qualys, Kenna, Armis, etc.)
  • Provide remediation guidance and recommendations; coordinate with Development Operations, IT, and other teams as needed to provide oversight of the remediation and/or mitigation of enterprise vulnerabilities
  • Maintain and enhance the existing IT and vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and associated communications (downtimes, upgrades, report changes, etc.)
  • Identify security gaps within our enterprise systems that would not otherwise be detected by a scanning solution in target systems, networks, and applications to support the organization in improving existing security controls and mechanisms
  • Create processes and workflows for all aspects of IT compliance auditing and vulnerability management. Work with cross-functional teams to improve processes, workflows, and operational efficiencies
  • Utilize proven/reputable sources to maintain an awareness of prevailing and emerging vulnerabilities to proactively address vulnerabilities
  • Provide recurring and ad-hoc vulnerability reports upon request
  • Establish an appropriate vulnerability management calendar, schedule engagements, and track activities to completion; maintain documentation of scans and activities
  • Provide updates and track remediation of risks added to the Information Security Risk Register
  • Perform additional duties as assigned

Benefits

  • health and dental insurance
  • tuition reimbursement
  • 401(k) with company match
  • pet insurance
  • no-cost-to-you vision insurance for you and your qualified dependents