mroads is looking for a "Information Security Analyst" for one of the direct clients. This is a remote opportunity with the client.
Description:
Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security. Conduct vulnerability assessments and monitor systems, network, databases, and Web for vulnerabilities. Respond to alerts from information security tools. Report, investigate and work with support team to resolve vulnerabilities. Educate and communicate security requirements and procedures to users and new employees. Recommend and implement changes to enhance systems security and prevent unauthorized access. Research and keep abreast of security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach. Ensure compliance with regulations and privacy laws.
Performs the day-to-day operations of the Vulnerability Management program. Responsible for vulnerability identification, analysis, communication, and remediation. Acts as main point of contact and articulate vulnerability complexity and remediation strategies to partners. Responsible for collecting, processing, monitoring, and dissemination of security vulnerabilities as well as potential threat to the environment. Run and support vulnerability management scans across all systems and work with support teams to solve and fix issues as they arise. Experience with Enterprise vulnerability management tools Qualys Vulnerability Management suite is a must.
A passion and proven ability to drive security that is frictionless, collaborative, and effective. Develop working partnerships with business and system owners to ensure systems are effectively scanned and remediated. Partner with each functional area to overlay vulnerability data with system knowledge to identify where compensating controls or deep system knowledge can be applied to lower the effective risk.
Experience with SQL Server Management Studio and writing SQL queries, to drive analysis of vulnerability data and answer data questions as they arise. Compile vulnerability metrics/Key Performance Indicators and regular reporting mechanisms for measuring compliance of vulnerability management projects.
Validate proper mitigation controls are in place until remediation activities are complete.
Conduct research and evaluate the risk of the latest threat intel, vulnerabilities, and exploits to clients environment
Provide and demonstrate strong leadership, and organizational abilities applied across a large team with diverse skills, good communicator, and team player. Strong written and verbal communication skills with the ability to collaborate across functions.
Requirements:
• Experience with threat intelligence, specifically pertaining to the evaluation of the risk to the enterprise as well as CVSS calculations to understand vulnerable and impacted components.
• Experience with Qualys Cloud Agent, Qualys API, Qualys Policy compliance and Qualys PCI module and Qualys Detection Score.
• Experience in AWS cloud environments and capabilities as well as understanding of container vulnerability management process.
• Experience solving firewall issues preventing vulnerability management scanners from reaching their targets, or issues preventing Qualys Agents from checking-in to the Qualys platform.
• Experience with typical scripting and/or programming languages such as Groovy Script, Regular Expressions, PowerShell, Python, VBA, JavaScript, and SQL