Title: Vulnerability Management Analyst
Location: Hybrid in McKinney, TX (3 days on site / 2 days remote)
Term: 6-month Contract to Hire
Summary
A Vulnerability Management Analyst bridges the gap between the InfoSec, Network, Systems, and user endpoint (desktop/mobile) engineering teams. This position is focused on running vulnerability discovery and analysis, and on the continuous implementation of vulnerability remediations and security best practices to mitigate the bank's risk. To ensure that security remediation and best-practice efforts are completed in a timely fashion, this role works closely with IT team members and resources, recruiting their expertise and aid as needed.
Responsibilities
- Responsible for vulnerability scanning, assessments, and baseline control scans.
- Review scan results for quality, including false positives and actionable remediation steps.
- Patching, vulnerability remediation, and security best practice direction to engineering resources.
- Collaborate with engineering resources to track and remediate vulnerabilities.
- Report on identified vulnerabilities at both a technical and executive level; provide management with briefings to advise on zero-day and critical vulnerabilities.
- Stay up to date on emerging vulnerabilities/threats and related attacks to manage the risk of bank assets.
- Coordinate with Vendor Management for vendor vulnerability tracking.
Requirements
- Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent work experience, is preferred.
- 5+ years of experience as a vulnerability management or security analyst
- Experience with vulnerability tools like Rapid7, Qualys, Nessus
- Knowledge of industry standard scoring models such as CVSS
- Knowledge of MITRE ATT&CK framework.
- Skilled in providing direction and guidance for mitigations.
- Ability to meet deadlines; project management skills.
- Excellent interpersonal, documentation, and communication skills
- Careful attention to detail and time management
- Ability to work in a fast-paced environment.
- Knowledge of compliance and regulatory program requirements, such as FDIC, SOX 404, PCI, ISO 27001, NIST, FISMA, and SOC standards
Preferred Skills
- Knowledge of PowerShell or other scripting language preferred
Certifications
- Industry security certification is a plus: GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler, CISSP, CISM, CISA, or similar.