Junior Vulnerability Management Analyst
Summary
The Information Security Office is responsible for safeguarding the confidentiality and availability of an organization’s assets, including its information, services, and people.
The Junior Vulnerability Management Analyst will assist the Information Security Manager in the management and remediation of identified security vulnerabilities, policy violations and audit findings (legal, regulatory, operational, etc.). The Junior Vulnerability Management Analyst will collaborate with SDI technical staff to remediate vulnerabilities and respond to audits.
Responsibilities
- Assist the Information Security Manager in assigning and tracking the remediation of security vulnerabilities
- Represent the SDI technical team for internal audit programs
- Work with the SDI technical team to collect, document and deliver the information required by Auditors
- Maintain all documentation required for security assessments, audits, internal controls, and control testing
- Maintains Incident Response Plan and Incident Handling Procedures related to the SOC and SIEM events.
- Ensure that updated security policies and procedures are posted to the knowledgebase
- Maintain awareness of current security trends, threats, policies, procedures, and best practices.
- Help promote security awareness
- Provide ad hoc reporting
- Assist the Information Security Manager in the management of the security operations center (“SOC”)
Requirements
- BS/BA degree with two years of applicable experience as a cyber analyst
- Security certification a plus (CISM, CISA, CEH, Security+)
- 5+ years of experience working in a related field: IT Operations, Security Administration, Asset/Risk Management
- 1+ years of progressive experience in securing, protecting, analyzing, monitoring and implementing Cybersecurity tools.
- Working knowledge of IT concepts in Network, Server and Desktop support
- Strong understanding of Patch Management operations (Operating Systems, desktop utilities, device firmware)
- Excellent written communication skills using Excel, Word and Power Point
- Familiarity with controls and control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, CIS, HIPPA, PCI
- Ability to work independently and within a larger group of engineers
- Strong knowledge on risk scoring vulnerability issues and their individual severities (CVSS)
- Experience using ServiceNow a plus
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.