Senior Vulnerability Management Analyst

The Senior Vulnerability Management Analyst will support the analysis of software/hardware vulnerabilities, impact, and lead the remediation efforts for the on premise and cloud environments. 

The Senior Vulnerability Management Analyst will use their expertise to manage complete vulnerability management operations by working with and providing guidance to all the stakeholders. 

PRIMARY RESPONSIBILITIES: 

• Manage and run the threat and vulnerability management operation effectively and mentor the junior team members.
• Establish proactive threat and vulnerability monitoring, identification, assessment / analysis, validation, remediation, and reporting mechanism.
• Be able to manage and administer threat and vulnerability management tools and have hands on working experience with Tenable Nessus, Netsparker, Trellix suite, Palo Alto, BigFix, Splunk etc.
• Must be familiar with Government security mandates and requirements.
• Own the threat and vulnerability scanning schedules as well as management and communicate the results with the stakeholders to ensure timely mitigation.
• Work with other teams to integrate the threat and vulnerability management processes with the maintenance windows.  
• Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.
• Compile daily, weekly, and annual vulnerability metrics associated with affected and non-affected products.
• Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities. 
• Prioritize identified vulnerabilities based upon severity, potential operational impact, and other factors for the client. Analyze issues affecting components with vendor provided fixes and contact the appropriate vendor for a defined and attainable solution. 
• Provide notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses as they migrate throughout the client environment and globally. 
• Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

BASIC QUALIFICATIONS: 

• Bachelor’s degree in a relevant technical discipline and 4+ years of overall related experience. 5+ years of additional related years of experience is accepted in lieu of a degree. 
• Demonstrated experience with incident management tools such as ServiceNow and Jira.
• Experience in threat and vulnerability scanning and remediation methodologies.
• Familiarity with System Incident and Event Management (SIEM) and other logging and monitoring tools.
• Experience in vulnerability management and threat management tools such as Tenable Nessus, Netsparker, McAfee suite, Palo Alto, Amazon inspector and Cloud Watch etc.
• Experience in a hybrid operations environment providing leadership specified reports based on information received from other system owners and operations team. 

PREFERRED QUALIFICATIONS: 

• BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.
• Strong software development skills. 
• Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels
• Proficient in developing briefing materials, administrative, and logistic support.
• Advanced communications and presentation skills enabling precise conveyance of information across the organization with command.