Staff IT Analyst II Cyber - Senior Vulnerability Management Analyst

About The Position

Requirements

• 5+ years of related experience in vulnerability management, threat management, security operations, or a related cybersecurity discipline.
• Bachelor's degree in computer science, IT or related field required.
• Proficiency with vulnerability management tools (e.g., Rapid 7 Insight VM, Qualys, Wiz), and patch/configuration management hardening guidelines and approaches.
• Experience with ServiceNow Vulnerability Response, CIS WorkBench, PowerBI and Power Automate for tracking, reporting, and process automation.
• Solid understanding of operating systems (Windows, Linux), networking concepts, and cloud platforms (AWS, Azure, GCP).
• An intermediate knowledge of general Financial Services or Banking is preferred.
• Intermediate knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
• Experience applying risk-based prioritization in a hybrid technology environment.
• Intermediate to advanced knowledge of cybersecurity policies and procedures, Privacy principles and practices, and vulnerability assessment tools and techniques.
• Intermediate to advanced knowledge of the risk and controls associated with Cybersecurity Program domains including Data Protection, Threat/Vulnerability Management, BCP/DR, security governance & assessment, security training & awareness, network security, cloud security, emerging technology controls (e.g. AI, blockchain), third-party suppliers, security operations, etc.
• Intermediate speaking and writing communication skills.
• Strong analytical skills and the ability to communicate technical findings to non-technical audiences.

Nice To Haves

• CompTIA Security+, CompTIA A+, GIAC Information Security Fundamentals (GISF), Certified Information Systems Auditor (CISA), Certified in Risk of IT System Controls (CRISC), Certified in Cloud Security Knowledge (CCSK), or GIAC Security Essentials (GSEC) preferred.

Responsibilities

• Assist with defining and implementing strategy, processes, procedures, and controls for vulnerability management, threat exposure management, and compliance scanning.
• Review and validate vulnerability scan results from various platforms (e.g., Wiz, Rapid7) for accuracy and relevance and support investigations into false positive detections.
• Support the implementation, management, and maintenance of vulnerability management and external attack surface platforms or tools.
• Lead the planning and implementation of security measures to protect cybersecurity practices, processes and IT systems.
• Design, monitor, and evaluate security safeguards by analyzing these items to identify potential security threats.
• Develop strategies to protect security practices, processes, or IT systems from cyber-attacks.
• Maintain security systems or capabilities by installing, configuring and/or maintaining software, and assisting in monitoring the company network/system for breaches or vulnerabilities.
• Design scripts and deploy automated solutions to streamline manual processes involved in information collection and consolidation.
• Track open vulnerabilities from identification through resolution, coordinating with IT program and asset owners or escalating issues as needed.
• Provide support for developing customized compliance policy scanning rulesets based on CIS benchmarks.
• Work with security, IT teams, and other stakeholders to assess the impact of vulnerabilities in WAB's environment and establish appropriate mitigating controls.
• Recommend and apply measures to address and resolve vulnerabilities or security exposures.
• Prepare and deliver vulnerability reports and dashboards for technical teams, leadership, and business stakeholders.
• Identify recurring vulnerabilities and trends to assist in long-term risk reduction strategies.
• Support vulnerability management and information security by increasing awareness and use of security services.
• Design and improve KRIs, KPIs, and operational metrics for different audiences and organizational needs.
• Stay informed about new vulnerabilities, cyber threats, and attack vectors.
• Participate in audits and examinations as a subject matter expert when required.
• Propose and spearhead process improvements to enhance the VRM program.

Benefits

• Competitive salaries
• Ownership stake in the company
• Medical and dental insurance
• Time off
• Great 401k matching program
• Tuition assistance program
• Employee volunteer program
• Wellness program