Vulnerability Management Analyst

Company: PRI Technology
Location: East Hartford
Posted on: May 25, 2023

Job Description:

Security / Vulnerability -Analyst
Full Time
East Hartford, CT (Onsite 1x per week)

Position Summary:
Responsible for administering and monitoring the Vulnerability -Program, analyzing -issues and determining risk in a timely -fashion. Utilizes vulnerability scanning tools and SQL query to create vulnerability remediation projects. Collaborates with Network Services to ensure timely remediation of vulnerabilities to reduce technical and business risk.

Essential Duties and Responsibilities:

• 
  
• Assists in development and maintaining of vulnerability management security metrics, key risk indicators, remediation-related dashboards and reporting to quantify program effectiveness.
  
• Collaborates with Network Services to understand vulnerability management needs and assist with remediation and mitigation strategies. Patching and remediation is outside the duties of this role, and is instead performed by Network Services.
  
• Analyzes and prioritizes remediation of internal and independent third-party information security assessments, making recommendations on appropriate modifications to enhance information security and establishing security baselines for new technology.
  
• Responsible for configuring and maintaining vulnerability scanning tools, scheduling and performing scans, researching and analyzing vulnerabilities, and utilizing SQL query to create and prioritize vulnerability remediation projects.
  
• Provides support and resolution for scanning and vulnerability remediation reporting issues, working with vendors as appropriate.
  
• Develops and maintains excellent operational practices related to vulnerability management.
  
• Contributes to automation efforts in the detection, categorization, reporting and tracking of identified vulnerabilities.
  
• Analyzes and reports on vulnerability trends to identify areas of prioritization based on risk.
  
• Provides verbal and written reports on vulnerability risk to supervisory, the Security Program Committee, and other technical stakeholders.
  
• Contributes to information technology vulnerability management and risk strategy.
  
• Subscribes to daily alerts from several external vulnerability sources (e.g., FS-ISAC, InfraGard, US CERT/CISA) to proactively identify vulnerabilities that may impact the organization. -
  
• Maintains current knowledge of the threat landscape including attacker tactics, techniques and procedures.
  
• Administers and monitors, as directed:
  
  
  
  Network Scanning, remediation processes and reporting;
  Patch Management processes and reporting;
  Security Incident Event Management (SIEM);
  Configuration Management standards, specifically Firewall changes and system hardening;
  IDS/IPS reporting and SIEM tools;
  Data Loss Prevention Monitoring and reporting;
  Anti-phishing and brand protection processes and reporting;
  Logical access Reviews, processes and reporting;
  Active Directory Reviews, processes and reporting;
  Security of vendors and meeting security requirements;
  Application Security; and,
  Managed Security Service Provider (MSSP)
  
  
  Skills and Abilities:
  
  
  • 
    
  • Must have substantial knowledge and experience with vulnerability management tools such as Nessus, Qualys and/or Rapid7.
    
  • Advanced Microsoft Excel skills, including use of VLOOKUP function, conditional formatting, and pivot tables.
    
  • Understands asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected.
    
  • Knowledge of OWASP, web application assessments, and system development lifecycle (SDLC) preferred.
    
  • Understanding of network and security devices, software, and services to include: Routers, switches, firewalls, IDS/IPS, SSL and client-based VPNs, Windows Servers, Microsoft Active Directory Services, DNS, TCP/IP. Understanding of common networking protocols and services and their relevant security issues (TCP/IP, IPX/SPX, DNS, SNMP, 802.1x, SSL, TLS etc.).
    
  • Knowledgeable in Encryption, Virtual technology, application security, access control methodologies, and wireless technology
    
  • Understanding of security and IT platforms, to include: IPS/IDS, Antimalware, Firewall, VPN, MDM, Proxy, Web filtering, and SIEM tools.
    
  • Familiarity with Common Security Frameworks to include: NIST CSF, CIS Critical Security Controls, ISO 27001, and PCI DSS.
    
  • Strong analytical and problem solving skills, detail-oriented, and strong organizational or project management skills.
    
  • Ability to work comfortably and successfully in a fast-paced environment with frequent changes in priorities.
    
  • Strong documentation skills, a keen eye towards continual process improvement, and strong verbal and written communication skills are required.
    
  • Self-started that can work independently with minimal direction and as a member of the team.
    
    
    
    Adam Planica
    PRI Technology
    973.732.5454 x41
    adam.planica@pritechnology.com

Keywords: PRI Technology, East Hartford , Vulnerability Management Analyst, Executive , East Hartford, Connecticut