Vulnerability Management Analyst
Crawford & Company
The Vulnerability Management Analyst is responsible for identifying information security vulnerabilities that could potentially be exploited and creating a remediation strategy with the appropriate business partner that resolves the potential risks involved. This is a technical role and is critical to the successful delivery of the Information Security strategy. This role will need to balance business priorities, information security risks, emerging threats, and best security practices to ensure the confidentiality, integrity, and availability of critical information assets; recognize vulnerabilities, understand the associated risk, and develop achievable and effective remediation/mitigation strategies; and measure potential risks against existing information security controls.
- Maintain tools used to perform the ongoing assessments
- Configure and coordinate network and application penetration tests as needed
- Provide risk assessment of vulnerabilities identified and pen test results
- Utilize threat and CERT advisories to evaluate potential impact to enterprise posed by various vulnerabilities
- Develop and maintain remediation and mitigation processes with Security team to address or resolve risks associated with vulnerabilities
- Assist with developing capabilities necessary to monitor and detect indicators of compromise using security scripts, tools and services
- Assist with internal research and remediation efforts involving vulnerability exploits
- Bachelor's degree in technical engineering, Management Information Systems, Information Security, Computer Information Systems, or a related IT field
- At least 1 year progressively responsible information security experience.
- Experience performing analysis of network security infrastructure components (e.g., network topography, firewalls, servers, IPS/IDS) and assessing the effectiveness of security implementation.
- Experience with the TCP/IP protocol stack and application protocols such as DHCP, SNMP, DNS, etc., and with IPSec and SSL VPNs, along with an understanding of the SSL/TLS protocols.
- Foundational skills in vulnerability assessments of networks and operating systems; some pen testing experience is desired
- Familiarity with a variety of network and application security scanning tools such as Tenable, Rapid7, Qualys and others is a plus.
- Working knowledge of IT systems and functions, process development, change management, and software review processes.
- Ability to conduct technical evaluations of security solutions and products.
- Highly seasoned in organizational, time management, decision making and problem solving skills.
- Strong interpersonal, verbal, presentation and written communication skills.
- Strong analytical skills.
- Networking certifications or background in systems and/or network administration desirable.
- Must complete continuing education requirements as outlined by Crawford Educational Services