Our client, a leader in its industry, is seeking a Vulnerability Management Analyst for a full-time opportunity in the Downtown Pittsburgh, PA area. The Vulnerability Management Analyst is responsible for maintaining and executing a comprehensive vulnerability management program that reduces the risk posed by vulnerabilities in the environment. The position interacts with multiple technology stakeholders to run the vulnerability management program, and assists in the overall execution of our client’s security and compliance portfolio.
Maintaining and executing the vulnerability management program so that vulnerabilities are managed through the full lifecycle, across the following process steps:
Procedures – Maintain and execute associated vulnerability management procedures.
Scanning – Execute comprehensive vulnerability scanning of our client’s environment.
Triage – Evaluate scan findings to confirm they are accurate (false positives removed) and assign each an appropriate risk rating.
Tracking and Reporting – Maintain tracking and dashboards that show risk ratings and progress against service level agreement (SLA) targets, including approved risk acceptances and alternative action plans.
Remediation – Work with stakeholders to help define remediation plans for vulnerabilities according to established procedures, SLAs and remediation timetables.
Validation – Confirm that remediation was effective (typically by rescan) before a vulnerability is closed.
Measurement – Maintain metrics relative to vulnerability management for reporting.
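The lifecycle steps above (triage, SLA tracking, risk acceptance, validation, measurement) can be modelled in a small tracker. The following is an added example for this page, not code or tooling from the client or the recruiter; the SLA days, the `Finding` fields and the sample findings are assumptions constructed for illustration, while the severity bands follow the standard CVSS v3 qualitative ratings.

```python
"""Vulnerability lifecycle tracker: severity, SLA due dates, risk acceptance,
validation-gated closure and per-severity metrics.

Added example, not part of the job posting. SLA_DAYS, the Finding fields and
the SAMPLE data are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


def severity(cvss: float) -> str:
    """Standard CVSS v3 qualitative severity bands (lower bound inclusive)."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low" if cvss > 0.0 else "None"


# Assumed remediation SLA in calendar days from first detection (illustrative policy).
SLA_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180, "None": 365}


@dataclass
class Finding:
    fid: str
    asset: str
    cvss: float
    first_seen: date
    remediated_on: Optional[date] = None        # owner reports the fix applied
    validated_clean_on: Optional[date] = None   # rescan confirms the fix
    risk_accepted_until: Optional[date] = None  # approved risk acceptance expiry
    false_positive: bool = False                # triage outcome

    @property
    def sev(self) -> str:
        return severity(self.cvss)

    @property
    def due(self) -> date:
        return self.first_seen + timedelta(days=SLA_DAYS[self.sev])

    def state(self, today: date) -> str:
        """Lifecycle state as of `today`. A reported fix only counts as Closed
        once a rescan validates it; risk acceptance suspends the SLA clock
        only until its expiry date."""
        if self.false_positive:
            return "Closed-FalsePositive"
        if self.remediated_on and self.validated_clean_on and self.validated_clean_on >= self.remediated_on:
            return "Closed"
        if self.remediated_on:
            return "PendingValidation"
        if self.risk_accepted_until and today <= self.risk_accepted_until:
            return "RiskAccepted"
        return "Overdue" if today > self.due else "Open"


def metrics(findings, today: date) -> dict:
    """Per-severity counts plus SLA compliance and mean time to validated close."""
    out = {}
    for f in findings:
        m = out.setdefault(f.sev, {"open": 0, "overdue": 0, "pending_validation": 0,
                                    "risk_accepted": 0, "closed": 0, "closed_in_sla": 0, "ttr": []})
        st = f.state(today)
        if st in ("Open", "Overdue"):
            m["open"] += 1                      # overdue findings are still open work
            m["overdue"] += st == "Overdue"
        elif st == "PendingValidation":
            m["pending_validation"] += 1
        elif st == "RiskAccepted":
            m["risk_accepted"] += 1
        elif st == "Closed":
            m["closed"] += 1
            m["closed_in_sla"] += f.validated_clean_on <= f.due   # SLA measured at validated close
            m["ttr"].append((f.validated_clean_on - f.first_seen).days)
    for m in out.values():
        m["sla_compliance"] = round(m["closed_in_sla"] / m["closed"], 2) if m["closed"] else None
        m["mean_ttr_days"] = round(sum(m["ttr"]) / len(m["ttr"]), 1) if m["ttr"] else None
        del m["ttr"]
    return out


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("V-1", "web01", 9.8, date(2024, 3, 1), remediated_on=date(2024, 3, 10), validated_clean_on=date(2024, 3, 12)),
    Finding("V-2", "web01", 7.5, date(2024, 3, 1), remediated_on=date(2024, 4, 20)),  # fix reported, no rescan yet
    Finding("V-3", "db02", 5.3, date(2024, 1, 2)),                                    # Medium, due 2024-04-01
    Finding("V-4", "db02", 9.1, date(2024, 3, 15), risk_accepted_until=date(2024, 6, 30)),
    Finding("V-5", "app03", 4.3, date(2024, 2, 1), false_positive=True),
    Finding("V-6", "app03", 8.2, date(2024, 3, 20)),                                  # High, due 2024-04-19
    Finding("V-7", "app03", 9.1, date(2024, 3, 15), risk_accepted_until=date(2024, 4, 1)),  # acceptance expired
]
TODAY = date(2024, 4, 25)


def report(findings=SAMPLE, today=TODAY) -> dict:
    return {f.fid: f.state(today) for f in findings}


if __name__ == "__main__":
    for fid, st in report().items():
        print(fid, st)
    print(metrics(SAMPLE, TODAY))
```

Two design points matter in practice: a finding the owner reports as fixed stays on the books as `PendingValidation` until a rescan confirms it, so unverified fixes cannot inflate the closure rate; and a risk acceptance has an expiry, after which the finding drops straight back into `Overdue` rather than being silently forgotten.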
Maintaining and improving the use of vulnerability management (and similar) software tools to gather information about the security posture; monitoring compliance with security-hardening standards across all technology platforms.
Maintaining knowledge of new security threats, vulnerabilities and industry solutions, as well as security technology trends and advances; advising management on how these threats can affect information assets and providing recommendations for mitigating them.
Assisting with third-party security, threat and vulnerability assessment activities.
Assisting with the execution of the security compliance program to ensure adherence to security best practices, regulatory requirements and security policies.
Participating on project working teams that introduce new capabilities and technologies to ensure that vulnerability and hardening exposure is managed.
Three to five (or more) years of experience in information security or a combination of information security and IT/IS audit or related discipline
Strong knowledge of vulnerability management processes to support external, internal and web application scanning practices
Strong working knowledge of vulnerability management toolsets (e.g., Qualys) and all components of the toolset to fully operationalize the vulnerability management lifecycle
Strong working knowledge of operational baseline hardening standards (e.g., CIS Benchmarks)
Strong working knowledge of dynamic web application scanning (DAST) practices
Knowledge of security event monitoring and data access governance tools (e.g., LogRhythm, StealthBits)
Strong spreadsheet and data analytic skills (including detail focus and critical thinking)
Knowledge of static code analysis tools is a plus
Knowledge of data visualization toolsets (e.g., Tableau) is a plus
Working knowledge of information security best practices, technology control frameworks (e.g., NIST CSF and COBIT) and information security risk management standards
Knowledge of IT service management processes and related control activities in the areas of change management, computer operations, database administration, information security administration, network security, operating system security and web application security
Knowledge of current tools/practices for developing and publishing policies, procedures, metrics and other information
Strong organizational skills and written and oral communication skills
Strong aptitude for technology, an ability to learn quickly, and a desire to solve problems and improve processes
Bachelor’s degree in information systems or a related field, or an equivalent combination of education and work experience.
Industry certification, or eligibility for one, preferred (e.g., Security: CISSP, CISA and CRISC; Technical: OWASP).
Internal Number: 18548
The most pressing issue for businesses today is the quest for growth, and more than innovation, operations or even customer relationships, CEOs are looking for talent and leadership to secure and sustain it. People are truly an organization’s greatest asset.
With an active nationwide database of more than 500,000 seasoned professionals, A.C.Coy employs the latest tools to manage effective recruiting. The technology helps to quickly identify and contact the right candidates with the skills and experience clients need.
The tools that A.C.Coy uses provide a unique perspective regarding culture, performance, leadership, and team "fit". And our integration methodology ensures that new leaders are integrated quickly and successfully without breaking stride.