Vulnerability Management Lead
Posted: November 17, 2009
Location: Wilmington, DE
Length: 3-6 Months to Hire
Same as Analyst with addition of Lead responsibilities over 2 Monitoring resources and the Vulnerability Management Analyst.
The IT Security Team is responsible for the implementation of controls and delivery of services ensuring appropriate logical and physical protection of information and other assets enterprise-wide.
Job Summary: The IT Security Vulnerability Analyst is responsible for monitoring numerous available sources of information regarding vulnerabilities to systems, performing a risk-based needs analysis on vulnerability mitigation, and championing implementation of necessary mitigation.
The Analyst will also perform periodic and new system vulnerability scanning. Strict records will be maintained by the Analyst of risk decisions made and mitigation steps taken, including any required governance reporting.
The Analyst will provide support in the form of threat and vulnerability analysis of our infrastructure, and will verify adherence to Security policy and known security guidelines such as Sarbanes-Oxley, PCI (Payment Card Industry standards), ISO 27000 series standards, and regulatory and compliance sources such as the U.S. Office of Thrift Supervision.
Essential Functions:
Ensure the integrity and availability of systems and applications through effective management of computer resources specific to the security infrastructure.
Ensure computer systems exceed security and service level targets through the use of reliable products, penetration and security assessment testing, and sound practices.
Determine the risk-based need for deployment of mitigation tools
Monitor regulatory and advisory sites and vendor reporting sources to identify available vulnerability mitigation tools and current patch level releases that are appropriate to our environment.
Champion deployment of recommended updates and maintenance fixes, working with responsible IT Teams and reporting status as appropriate. Maintain records of risks and mitigation controls for vulnerabilities across all platforms.
Ensure that the computing environment is kept current with service and software update releases, and evaluate security assessment tools for selection and integration into the environment.
Provide technical support and awareness programs for security issues related to systems and applications within our infrastructure
Provide efficient, high quality technical support services to ensure timely response to queries, resolution of problems, and reporting/escalation of issues related to the systems.
Assist in the recommendation and design of system architectures, platforms and specifications in order to meet current security standards and future business needs.
Perform system vulnerability scanning and assessment of new systems in conjunction with Security Officer review and approval of Change Control Requests
Communicate planning and development, documentation, and status to management.
Work with the rest of the IT Security Team to ensure the physical and logical stability, reliability, confidentiality, and integrity of systems is in accordance with established standards, policies, procedures and guidelines, taking appropriate actions for all violations.
Participate in other IT Security initiatives as needed.
Experience & Qualifications:
3-5 years related work experience, preferably in financial services or other regulated and secure industry.
2+ years experience with Information Technology, with specific experience regarding operating system patching, vulnerability scanning, and/or intrusion detection systems.
Effective knowledge of information security theory and practices
Strong technical knowledge of relevant security tools and processes
Excellent communication skills, both written and verbal
Ability to be adaptable and flexible while responding to deadlines on assignments and workflow fluctuations.
Ability to work with concepts and work independently.
Excellent problem diagnosis, analytical, and communication skills.
Ability to balance several conflicting demands to achieve optimum services performance with minimum disruption to business operations.
Sound experience in devising ways to extract data from many sources and translating this data into useful information
Education and/or Certifications:
A post-secondary education is a plus.
CISSP or equivalent certification a plus.
Technical skills and abilities:
Strong knowledge and experience required in the areas of security assessment and vulnerability scanning, risk-based threat analysis, and security mitigation techniques
Technical knowledge of desktop and server hardware and software architectures and operating systems including Windows and Vista, UNIX, and Mac
Technical knowledge and familiarity with common business and financial software applications and functionality
In depth knowledge of current LAN/WAN network technologies, architectures, principles, operations, and protocols
Knowledge of current security vulnerabilities and any resultant impact
Exceptional interpersonal and customer service skills and the ability to ascertain and disseminate information quickly through a variety of channels
IT monitoring and reporting technology knowledge a strong plus
Please refer to job code 91901 when responding to this ad.