Job Description :
Sr. Analyst Vulnerability Management
Burbank, CA
The vulnerability management team hunts for and prioritized vulnerabilities that could lead to a breach of confidentiality, integrity or availability of sensitive information.
Responsible for implementing, configuring and maintaining vulnerability and compliance scanning tools such as Qualyguard, AlertLogic, AppScan, and Nessus
Conduct scheduled and ad hoc application and system scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and communicate findings effectively
Ensure data flows are maintained between internal tools and enterprise wide reporting dashboard
Develop and manage scanning/profiling tools and automated tasks
Perform and post results of scheduled and on demand vulnerability assessments
Provide technical feedback on proposed solutions to identified vulnerabilities
Interface with vendor support teams to keep abreast of developments in product lines
Research security testing tools, techniques, and processes
Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities
Recommend approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes
Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the security operations center (SOC)
Promote collaboration with our stakeholders and Red Team researchers to prioritize the remediation of vulnerabilities and close potential attack vectors.
Understand asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected
Develop the vulnerability reports and score cards that the define current state of the corporate network security risk posture.
Mentor and train more junior staff in vulnerability management and awareness. Prioritization of vulnerabilities, attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
Work closely with Security Incident Response Team and Architecture team members to help improve the team''s abilities in Detection, Prevention and Response capabilities
Work with business leaders and other ISO staff to prioritize vulnerability findings for remediation
Qualifications
4+ years of cyber security experience
5-7 years of technology experience
Ability to utilize best in class practices and determine best remediation path
Intermediate level knowledge of Windows and two or more of the following operating systems; *NIX, OS X, iOS, etc.
Demonstrated knowledge of web application security tools such as Qualys, Splunk, AlertLogic, Burp, nmap, Metasploit, etc.
Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel) and other standard (Customer specified) applications.
Demonstrated knowledge of TCP/IP protocols, network analysis, and network/security applications
Demonstrated experience with scripting languages, such as PowerShell, Python, Bash, PHP, etc. preferred
Excellent analytical and problem-solving skills
Strong interpersonal, oral and written communication skills
The personality traits, work habits, and social skills necessary to work effectively within a dynamic and highly operational broadcast environment
Exemplary personal and professional integrity
Certifications in related areas (e.g. CISSP, SANS GPEN/GWAPT/GXPN, OSCP, CEH) are preferred.