Infrastructure Vulnerability Analyst II-Whitehouse Station, NJ - Georgia IT Inc.
Whitehouse Station, NJ
About the Job
Infrastructure Vulnerability Analyst II
Location: Whitehouse Station, NJ
6 Months Contract
The Infrastructure Vulnerability Analyst will leverage analytic and technical skills to Client cyber risks; prioritize assets, assess risks and remediation/mitigation techniques; report on risks, and drive and track remediation/mitigation/acceptance of risk to improve security posture in the assets in North America. The qualified candidate will assess vulnerabilities, then collaborate with IT and business teams to ensure prompt and effective distribution of findings and that risk and incidents are addressed in the most effective and efficient manner possible.
We are looking for individuals who have experience performing vulnerability assessment and remediation activities and support the security team as part of the vulnerability management program. The position includes performing vulnerability analysis, review and validate vulnerability findings within the defined application including; O/S vulnerability analysis, written and verbal articulation of remediation recommendations, prioritizing remediation activities with application teams and follow up.
Duties & Responsibilities:
• Assess new vulnerabilities, investigate solutions and compensating controls on information systems and infrastructure
• Review and validate vulnerability findings
• Prioritizing remediation activities with application teams through risk ratings of vulnerabilities and assets
• Verify vulnerability remediation/mitigation
• Interface with network and infrastructure team for any challenges in the remediation
• Collate security incident and vulnerability findings to produce monthly and weekly management reports
• Implement or coordinate remediation required by audits.
• Assist in developing program quality metrics as both program performance indicators and enterprise risk indicators
• Work with Application Vulnerability team as needed to integrate vulnerability findings against application level scans to mitigate the vulnerabilities.
• Leverage Client inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
• Monitor vulnerability mitigation and patching in vendor managed assets
• Implement ad-hoc scans to verify the remediation status
• Helping to develop the Client's next-generation vulnerability management program including formalized assessment criteria, integration with asset inventory and remediation tracking and governance.
Qualifications - External
Minimum Qualifications:
• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
• Minimum 1-3 years of experience working in Information Security
• Experience with management and use of Rapid7 Nexpose
• Experience in operating vulnerability scanning infrastructure and services
• Experience analyzing scans/reports from security scanning tools and other internal security tools related to risk and vulnerability
• Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS)
• Knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
• Working experience with industry frameworks (CSF, ISO, COBIT, etc.)
• Comfortable working outside their comfort zone with a willingness to learn
• Excellent verbal and written communication skills
• Strong analytical skills
• Strong team player with ability to work independently
• Strong project management skills and ability to multi-task
• Self-motivated with strong initiative
Preferred Qualifications
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in performing impact/risk assessments.
• Skill in program and project management.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration
Location: Whitehouse Station, NJ
6 Months Contract
The Infrastructure Vulnerability Analyst will leverage analytic and technical skills to Client cyber risks; prioritize assets, assess risks and remediation/mitigation techniques; report on risks, and drive and track remediation/mitigation/acceptance of risk to improve security posture in the assets in North America. The qualified candidate will assess vulnerabilities, then collaborate with IT and business teams to ensure prompt and effective distribution of findings and that risk and incidents are addressed in the most effective and efficient manner possible.
We are looking for individuals who have experience performing vulnerability assessment and remediation activities and support the security team as part of the vulnerability management program. The position includes performing vulnerability analysis, review and validate vulnerability findings within the defined application including; O/S vulnerability analysis, written and verbal articulation of remediation recommendations, prioritizing remediation activities with application teams and follow up.
Duties & Responsibilities:
• Assess new vulnerabilities, investigate solutions and compensating controls on information systems and infrastructure
• Review and validate vulnerability findings
• Prioritizing remediation activities with application teams through risk ratings of vulnerabilities and assets
• Verify vulnerability remediation/mitigation
• Interface with network and infrastructure team for any challenges in the remediation
• Collate security incident and vulnerability findings to produce monthly and weekly management reports
• Implement or coordinate remediation required by audits.
• Assist in developing program quality metrics as both program performance indicators and enterprise risk indicators
• Work with Application Vulnerability team as needed to integrate vulnerability findings against application level scans to mitigate the vulnerabilities.
• Leverage Client inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
• Monitor vulnerability mitigation and patching in vendor managed assets
• Implement ad-hoc scans to verify the remediation status
• Helping to develop the Client's next-generation vulnerability management program including formalized assessment criteria, integration with asset inventory and remediation tracking and governance.
Qualifications - External
Minimum Qualifications:
• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
• Minimum 1-3 years of experience working in Information Security
• Experience with management and use of Rapid7 Nexpose
• Experience in operating vulnerability scanning infrastructure and services
• Experience analyzing scans/reports from security scanning tools and other internal security tools related to risk and vulnerability
• Knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS)
• Knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
• Working experience with industry frameworks (CSF, ISO, COBIT, etc.)
• Comfortable working outside their comfort zone with a willingness to learn
• Excellent verbal and written communication skills
• Strong analytical skills
• Strong team player with ability to work independently
• Strong project management skills and ability to multi-task
• Self-motivated with strong initiative
Preferred Qualifications
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in performing impact/risk assessments.
• Skill in program and project management.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration
Source : Georgia IT Inc.