Duties And Responsibilities
- Implement and operationalize an external perimeter scanning tool based on Qualys
- Interpret, summarize, and correlate vulnerability data with asset management in order to present business-relevant views of the raw vulnerability datasets
- Create, update and maintain metrics and presentation material for tracking, measuring progress and reporting on vulnerability status
- Produce, track and maintain reliable vulnerability metrics on a daily basis; track and report on specific vulnerability efforts (like emergency vulnerabilities) and generate appropriate documentation for the effort
- Perform daily reviews of different security systems and tools
- Respond to and track vulnerability tasks by patching or suggesting solutions
- Proactively identify security flaws and vulnerabilities, and think like both an attacker and a defender
- Audit systems for secure configuration - users, central logging, etc.
- Support periodic internal and external audit of cybersecurity program and processes
- Continuous vulnerability assessment and remediation
- Code review
- Data loss prevention (DLP)
- Vendor security reviews
- System/network security monitoring with Security Information and Event Management (SIEM) tools
- Active participation in Incident Response team meetings
- Implement and upgrade security measures and controls
- Define, implement and maintain corporate security policies
- Continuously review security bulletins and related news; stay apprised of current threats and trends
- Participate in data and root cause analysis for each service-impacting incident, with all possible corrective actions for improvement
- Work in partnership with other teams to improve defensive posture
Knowledge, Skills, And Abilities Required
- 4-5 years of experience in Corporate IT Security administration or Security Analyst position
- Bachelor’s degree in Information Technology, Information Security, or related field
- Prior experience patching security vulnerabilities on servers, endpoints, or applications, whether onsite or SaaS
- Knowledge of Information Security principles and practices, understanding of security protocols, principles, standards and defense in depth
- Experience analyzing, troubleshooting, and investigating information security incidents from a variety of reporting platforms such as IPS/IDS, DLP, SIEM, and vulnerability monitoring systems