Vulnerability Management AnalystPosted: November 17, 2009
Vulnerability Management Analyst
Location: Wilmington, DE
Length: 3-6 month contract-to-hire
The IT Security Team is responsible for the implementation of controls and delivery of services ensuring appropriate logical and physical protection of information and other assets enterprise wide.
Job Summary:
The IT Security Vulnerability Analyst Lead is responsible for monitoring numerous available sources of information regarding vulnerabilities to systems utilized, performing a risk-based needs analysis on vulnerability mitigation, and championing implementation of necessary mitigation.
The Analyst will also perform periodic and new system vulnerability scanning. Strict records will be maintained by the Analyst of risk decisions made and mitigated steps taken, including any required governance reporting.
The analyst will provide support in the form of threat and vulnerability analysis of our infrastructure, and will verify adherence to Security policy and known security guidelines such as Sarbannes-Oxley, PCI (Payment Card Industry standards), ISO 27000 series standards, and regulatory and compliance sources such as the U.S. Office of Thrift Supervision
Essential Functions:
Leading and managing the daily activities of the Vulnerability Team to include training, coaching, organizing, planning and staffing operations.
Development and continual improvement of processes and/or systems designed to ensure accurate implementation and management of vulnerabilities.
Ensure the integrity and availability of systems and applications through effective management of computer resources specific to the security infrastructure.
Ensure computer systems exceed security and service level targets through the use of reliable products, penetration and security assessment testing, and sound practices.
Determine the risk-based need for deployment of mitigation tools
Monitor regulatory and advisory sites and vendor reporting sources to identify available vulnerability mitigation tools and current patch level releases that are appropriate to our environment.
Champion deployment of recommended updates and maintenance fixes, working with responsible IT Teams and reporting status as appropriate. Maintain records of risks and mitigation controls for vulnerabilities across all platforms.
Ensure that the computing environment is kept current with service and software update releases, and evaluate security assessment tools for selection and integration into the environment.
Provide technical support and awareness programs for security issues related to systems and applications within our infrastructure
Provide efficient, high quality technical support services to ensure timely response to queries, resolution of problems, and reporting/escalation of issues related to the systems.
Assist in the recommendation and design of system architectures, platforms and specifications in order to meet current security standards and future business needs.
Perform system vulnerability scanning and assessment of new systems in conjunction with Security Officer review and approval of Change Control Requests
Communicate planning and development, documentation, and status to management.
Work with the rest of the IT Security Team to ensure the physical and logical stability, reliability, confidentiality, and integrity of systems is in accordance with established standards, policies, procedures and guidelines, taking appropriate actions for all violations.
Participating in other IT Security initiatives as needed.
Education and/or Certifications:
A post secondary education is a plus
CISSP or equivalent certification a plus
Technical skills and abilities:
Strong knowledge and experience required in the areas of security assessment and vulnerability scanning, risk based threat analysis, and security mitigation techniques
Technical knowledge of desktop and server hardware and software architectures and operating systems including Windows and Vista, UNIX, and Mac
Technical knowledge and familiarity with common business and financial software applications and functionality
In depth knowledge of current LAN/WAN network technologies, architectures, principles, operations, and protocols
Knowledge of current security vulnerabilities and any resultant impact
Exceptional interpersonal and customer service skills and the ability to ascertain and disseminate information quickly through a variety of channels
IT monitoring and reporting technology knowledge a strong plus Please refer to job code 91900 when responding to this ad.
| Category: | Information Technology |
| | | Location: | Wilmington, DE | | County: | New Castle County | | ZIP Code: | 19801 | | Pay Rate: | DOE | | Job Terms: | contract-to-hire | | Company: | Human Capital Management, Inc. | | Phone: | 610.341.0790 | | Fax: | 610.341.0791 |
|
