Lead Vulnerability Management Analyst

About The Position

Requirements

• A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science) and requires 5 – 7 years of related experience. Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.
• 5+ years Vulnerability Management, Pen testing or related
• OWASP framework and the software development lifecycle
• Familiar with the laws, regulations, industry standards and guidance pertaining to data protection and information security in the healthcare industry
• Experience in vulnerability scanning, security information and event management (SIEM), penetration testing, and/or advanced malware protection
• Experience with SAST and DAST tools and technologies
• Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Service Organization Controls (SOC) 2, Sarbanes–Oxley Act (SOX), etc.
• Intermediate - Seeks to acquire knowledge in area of specialty
• Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions
• Intermediate - Ability to work independently
• Intermediate - Demonstrated analytical skills
• Intermediate - Demonstrated project management skills
• Intermediate - Demonstrates a high level of accuracy, even under pressure
• Intermediate - Demonstrates excellent judgment and decision making skills
• Intermediate - Ability to communicate and make recommendations to upper management
• Intermediate - Ability to drive multiple projects to successful completion
• Intermediate - Possesses technical aptitude
• CISSP Certified Information Systems Security Professional or Certified Information Security Manager (CISM) or GIAC Enterprise Vulnerability Assessor (GEVA) required

Responsibilities

• Leads the organization's vulnerability management infrastructure and processes.
• Works with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities.
• Identifies systemic security issues based on the analysis of vulnerability and configuration data.
• Performs impact and risk assessments based on vulnerability data.
• Assesses vulnerabilities across applications, endpoints, databases, networking, mobile and cloud assets
• Conducts continuous discovery and vulnerability assessment of enterprise-wide assets
• Reviews reports, assets and vulnerability state; recommend remediation and validation approaches
• Partners with various IT and application teams in remediation efforts to ensure vulnerabilities have been appropriately remediated or managed in a timely manner
• Stay abreast of vulnerability results to technical and non-technical business units based on risk tolerance and threat to the business.
• Gain stakeholder support through influential messaging
• Leverages vulnerability database sources to understand systems weaknesses, its probability and remediation options, including vendor-supplied fixes and workarounds
• Directs the research of new technologies and works with key stakeholders to assess risk and implement and/or validate controls as necessary
• Reviews vulnerabilities data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets
• Works with Technology teams in static (SAST) and dynamic (DAST) scanning analysis to understand application threats and vulnerabilities
• Performs other duties as assigned
• Complies with all policies and standards

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules