CCC Information Services Inc. is the technology platform for the underwritten assets economy. CCC technology, insights, and support connect industries – insurers, automotive manufacturers, collision repairers, parts suppliers, lenders, fleet operators and more – to advance decision-making, productivity, and customer experiences for thousands of clients worldwide. Clients leverage CCC’s network management, data management, AI, operational workflows and customer experience solutions to efficiently scale, interact, transact and achieve their unique business objectives. CCC was ranked a best mid-sized company to work for by Forbes (2019). BuiltIn Chicago, Austin and LA named CCC a top place to work in 2020. Diverse perspectives and experiences are core to CCC’s success and award-winning culture of more than 2,000 employees worldwide. We hold inclusion as a core value and are committed to celebrating and cultivating the diversity of our team. With a 40+ year track record of innovation, CCC’s tenacious spirit and growth mindset turn next generation technology into real world solutions and empower team members to expand their knowledge and potential. Headquartered in Chicago, CCC has 11 locations worldwide. CCC’s principal PE investors are Advent International, Technology Crossover Ventures, and Oak Hill Capital Find out more about CCC Information Services by visiting cccis.com.

Job Description Summary

CCC Information Services is seeking a Sr. Vulnerability Management Analyst who will support the analysis of software/hardware vulnerabilities and the impact those vulnerabilities will have to CCCIS systems. Ability to develop and communicate detected vulnerabilities and system hardening remediation strategies aligned to company policy. In addition, you will utilize your expertise to identify priority levels for vulnerability fix actions and contribute to the mitigation strategies that can be implemented prior to the release of fix actions.

Job Duties

• Configure, operate and maintain the tools used for vulnerability management to include software, architectural, scheduling and policy development.
• Provide notification of potential threats by detecting, reporting and tracking vulnerabilities across the CCCIS enterprise.
• Develop, document, and communicate vulnerability management operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities.
• Monitor and report metrics on the progress of internal and external organizations to ensure vulnerability remediation requirements are fulfilled.

Qualifications

• Bachelor’s Degree + 4-8 years of related experience.
• Experience in tools like Rapid7/Qualys/Nessus for policy and assessment scans.
• Knowledgeable of the OWASP top 10 web vulnerabilities and remediation strategies.
• Experience in an operational environment understanding potential impacts of scanning, patching and remediation of vulnerabilities.
• Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic Unix and Windows system administration, basic understanding of malware and malicious system, or intermediate knowledge of computer network defense operations (proxies, firewalls, IDS/IPS, routers/switches, web app firewalls)
• Experience in infrastructure security, cloud/virtualization security and mobile security.
• Technical understanding of insecure protocols and poor credential management.
• Familiar with CIS/NIST/STIGS standards, ITIL framework and Change Management.
• Good understanding of IT Infrastructure and Application lifecycle management.
• Experience creating process and procedure document related to vulnerability management.
• Experience developing and presenting reports based on vulnerability tracking and risks.
• Working knowledge of threat and vulnerability analysis, patch management tools and techniques, DNS services, web application vulnerabilities and system hardening guidelines.
• Strong business acumen, communication skills, and process-oriented thinking.