Vulnerability Management Analyst
Company: PRI Technology
Location: East Hartford
Posted on: May 25, 2023
Security / Vulnerability -Analyst
East Hartford, CT (Onsite 1x per week)
Responsible for administering and monitoring the Vulnerability
-Program, analyzing -issues and determining risk in a timely
-fashion. Utilizes vulnerability scanning tools and SQL query to
create vulnerability remediation projects. Collaborates with
Network Services to ensure timely remediation of vulnerabilities to
reduce technical and business risk.
Essential Duties and Responsibilities:
- Assists in development and maintaining of vulnerability
management security metrics, key risk indicators,
remediation-related dashboards and reporting to quantify program
- Collaborates with Network Services to understand vulnerability
management needs and assist with remediation and mitigation
strategies. Patching and remediation is outside the duties of this
role, and is instead performed by Network Services.
- Analyzes and prioritizes remediation of internal and
independent third-party information security assessments, making
recommendations on appropriate modifications to enhance information
security and establishing security baselines for new
- Responsible for configuring and maintaining vulnerability
scanning tools, scheduling and performing scans, researching and
analyzing vulnerabilities, and utilizing SQL query to create and
prioritize vulnerability remediation projects.
- Provides support and resolution for scanning and vulnerability
remediation reporting issues, working with vendors as
- Develops and maintains excellent operational practices related
to vulnerability management.
- Contributes to automation efforts in the detection,
categorization, reporting and tracking of identified
- Analyzes and reports on vulnerability trends to identify areas
of prioritization based on risk.
- Provides verbal and written reports on vulnerability risk to
supervisory, the Security Program Committee, and other technical
- Contributes to information technology vulnerability management
and risk strategy.
- Subscribes to daily alerts from several external vulnerability
sources (e.g., FS-ISAC, InfraGard, US CERT/CISA) to proactively
identify vulnerabilities that may impact the organization.
- Maintains current knowledge of the threat landscape including
attacker tactics, techniques and procedures.
- Administers and monitors, as directed:
Network Scanning, remediation processes and reporting;
Patch Management processes and reporting;
Security Incident Event Management (SIEM);
Configuration Management standards, specifically Firewall changes
and system hardening;
IDS/IPS reporting and SIEM tools;
Data Loss Prevention Monitoring and reporting;
Anti-phishing and brand protection processes and reporting;
Logical access Reviews, processes and reporting;
Active Directory Reviews, processes and reporting;
Security of vendors and meeting security requirements;
Application Security; and,
Managed Security Service Provider (MSSP)
Skills and Abilities:
- Must have substantial knowledge and experience with
vulnerability management tools such as Nessus, Qualys and/or
- Advanced Microsoft Excel skills, including use of VLOOKUP
function, conditional formatting, and pivot tables.
- Understands asset criticality and the identification of system
software and configuration vulnerabilities and critical
information, data and processes that must be protected.
- Knowledge of OWASP, web application assessments, and system
development lifecycle (SDLC) preferred.
- Understanding of network and security devices, software, and
services to include: Routers, switches, firewalls, IDS/IPS, SSL and
client-based VPNs, Windows Servers, Microsoft Active Directory
Services, DNS, TCP/IP. Understanding of common networking protocols
and services and their relevant security issues (TCP/IP, IPX/SPX,
DNS, SNMP, 802.1x, SSL, TLS etc.).
- Knowledgeable in Encryption, Virtual technology, application
security, access control methodologies, and wireless
- Understanding of security and IT platforms, to include:
IPS/IDS, Antimalware, Firewall, VPN, MDM, Proxy, Web filtering, and
- Familiarity with Common Security Frameworks to include: NIST
CSF, CIS Critical Security Controls, ISO 27001, and PCI
- Strong analytical and problem solving skills, detail-oriented,
and strong organizational or project management skills.
- Ability to work comfortably and successfully in a fast-paced
environment with frequent changes in priorities.
- Strong documentation skills, a keen eye towards continual
process improvement, and strong verbal and written communication
skills are required.
- Self-started that can work independently with minimal direction
and as a member of the team.
Keywords: PRI Technology, East Hartford , Vulnerability Management Analyst, Executive , East Hartford, Connecticut
Didn't find what you're looking for? Search again!
Loading more jobs...