Job Details – this job has expired, please see similar jobs below
A Vulnerability Analyst in Company website will be required to review, validate, prioritize, and provide remediation steps for system and network vulnerabilities detected throughout Company website. The analysis will be reported to respective platform owners and should include detailed technical descriptions of a given vulnerability, likelihood of exploitation, technical and business impact if exploited, and any mitigation recommendations. This position will also be responsible for managing Company website's system and network vulnerability scanning platform(s). This position may be required to support application vulnerability analysis, and other security analysis such as intrusion detection and prevention, as deemed necessary. The individual in this position must be self-motivated, and demonstrate adaptability in a constantly changing technological environment, and will have the opportunity to serve as a strong contributor in the analysis, coordination, and remediation of vulnerabilities.
Maintain awareness of confirmed, potential, publicly disclosed (CVEs), and privately generated vulnerability information.
Assess complexity of, availability of, or feasibility to create an exploit.
Inform remediation procedures and prioritization based on susceptibility by technical means and overall risk exposure.
Align vulnerability and asset inventory to ensure proper assessment coverage and frequency.
Measure for adherence with secure configuration best practice and develop benchmarks derived from industry sources such as DISA, STIGs, NIST, CIS, OWASP, and USGCB.
Coordinate and track interdepartmental remediation activities.
Operation of solutions throughout the lifecycle of vulnerability management including asset management, scanning/testing, analysis, reporting, and ticketing.
BS in Computer Science or equivalent knowledge and experience.
Reviewing application, system, and network security vulnerabilities.
Comprehensive knowledge of Linux, Mac, and Windows operating systems, and networking protocols.
Knowledge of scripting and common Company application languages.
Familiarity with vulnerability scanning platforms: Nexpose, Nessus, Qualys, OpenVAS, etc.
Excellent written and verbal communication skills to draft and present comprehensive vulnerability assessment reports
Experience in writing intrusion detection signatures is preferred but not mandatory: Snort, YARA
Information security certifications preferred but not mandatory: CVA, GPEN, CPT, CEPT, OSCP, GCIH, OSCE, OSWE, CEH, CISSP.
Sign up and search through 14,012 curated jobs in the Internet Edition: