Senior Vulnerability Management Security Analyst

About The Position

Requirements

• Bachelor’s degree in Information Systems, Computer Science, Engineering, Business, Education, or a closely related field
• 4 years of professional or high-level technical work experience may be substituted for the bachelor’s degree.
• An associate’s degree with two years of relevant work experience may be substituted for the bachelor’s degree.
• 2-4 years of relevant experience configuring and administering enterprise security vulnerability management tools and conducting cyber threat intelligence.
• Expert-level proficiency in a variety of vulnerability management technologies and principles.
• Knowledge of regulatory requirements related to security, privacy, and data protection.
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving skills, including interpersonal problem resolution.
• Exhibits intellectual curiosity and a commitment to continuous professional development.
• Values collaboration and recognizes the importance of building strong professional relationships.
• Demonstrates initiative and a proactive approach to workload management.
• Works collaboratively with stakeholders to develop solutions that meet defined requirements and desired outcomes.
• Curiosity, motivation, and a desire for continuous learning.
• A belief that strong relationships are key to success.
• A self-starter with a can-do attitude.
• An effective servant leader and manager of people who begins interactions by listening.
• A collaborator with a focus on providing solutions based on the requirements and necessary outcomes of those whom we serve.

Nice To Haves

• Experience deploying, integrating, and managing Rapid7 InsightVM.
• Advanced degree in Computer Science, Information Security, or related field.
• CISSP, GIAC (GSEC, GCIH, GCIA, GPEN) or other technical security certifications.
• Experience in IT controls monitoring for regulatory and compliance requirements like NIST, CIS, SOX, HIPAA, HITRUST, SSAE 16 - SOC 1 & SOC 2, PCI compliance - PCI DSS / PA-DSS, and NIST is a plus.
• Penetration testing experience

Responsibilities

• Lead and oversee the enterprise threat and vulnerability management program, ensuring effective risk reduction across environments.
• Evaluate and interpret threat data to assess risk and communicate recommended actions to stakeholders.
• Drive remediation efforts by collaborating with IT teams, developers, and system owners.
• Perform vulnerability scanning across on-prem and cloud environments and validate remediation outcomes.
• Collaborate with incident response, vendors, and stakeholders to identify and address emerging threats and vulnerabilities.

Benefits

• health insurance
• life insurance
• retirement plans
• tuition benefits
• ECO pass
• paid time off – vacation, sick, and holidays
• Medical: Multiple plan options
• Dental: Multiple plan options
• Additional Insurance: Disability, Life, Vision
• Retirement 401(a) Plan: Employer contributes 10%25 of your gross pay
• Paid Time Off: Accruals over the year
• Vacation Days: 22/year (maximum accrual 352 hours)
• Sick Days: 15/year (unlimited maximum accrual)
• Holiday Days: 10/year
• Tuition Benefit: Employees have access to this benefit on all CU campuses
• ECO Pass: Reduced rate RTD Bus and light rail service