IT Cybersecurity Analyst - Vulnerability Management Cyber Security Engineer

The IT Cybersecurity Analyst is an intermediate level position with the purpose of transacting technical cybersecurity business given a competent knowledge of the work. Works on systems, deliverables and issues that are complex and applies industry best practices, as well as company policies and practices to develop solutions. Is required to effectively support the assessment of threat environment and receives general instructions on routine work and more detailed instructions on new work.

Works to support the company's overall cybersecurity infrastructure and operational effectiveness through cybersecurity preparedness, threat prediction and detection, incident response and recovery, and is involved in both design & engineering and operational activities. Specific functional areas include, but are not limited to, identity and access management, cybersecurity engineering and operations, threat intelligence, vulnerability management, situational awareness, cybersecurity analytics, cybersecurity incident management, and active defense. Operational duties include first and second level operational and incident response activities, threat analysis and correlation, implementing, configuring, testing, debugging and maintaining the systems in these functional areas, in addition to consulting, problem resolution, performance tuning and monitoring.

• Stay current with emerging threats, vulnerabilities, and mitigation techniques to continuously improve security posture
• Collaborate with internal teams including infrastructure, applications, security operations center, cyber threat intelligence, and offensive security to validate vulnerabilities, assess risk, prioritize and recommend mitigation strategies
• Identify, review and analyze vulnerability data to detect trends and patterns
• Install, integrate, configure, and deploy vulnerability scanning solutions
• Confirm and refine asset scope for scan activities
• Analyze scan results, track and coordinate with system owners to ensure timely remediation
• Maintain a vulnerability dashboard and provide executive-level reporting
• Influence the development of vulnerability management standards and security policies
• Executing vulnerability management processes, suggesting applicable change controls, and security exceptions
• Maintaining and updating process guides and assisting with reporting to leadership and service stakeholders
• Assisting and supporting incident handling/response investigations

• Bachelor's degree in computer science, computer engineering, software engineering, information technology, computer information systems, MIS, or engineering is preferred. A combination of an associate degree, military or professional cybersecurity experience and cybersecuritycertification (CISSP, GAIC, MCSE, CEH, GICSP, CSSA, CISM) will be considered
• 2+ years in cybersecurity required with a strong proficiency in Vulnerability Management preferred
• Excellent communication and interpersonal skills
• Strong knowledge with SIEM platforms and threat intelligence tools

• Minimum of 2 years of experience with Vulnerability Management along with strong knowledge of CVSS scoring, patch management and secure configuration practices preferred
• 5+ years in cyber security and a strong proficiency in Vulnerability Management
• Cybersecurity certification (CISSP, CISM, OSCP, CCSP, CCNA, GAIC, MCSE, GICSP, CSSA)
• Desirable skills include any of the following:
  • In-Depth Knowledge of Operating Systems (Windows, Unix/Linux, MacOS)
  • Programming and Scripting Experience (Python, PowerShell, Perl, Java, .NET (VB, C#), etc.)
  • Network, Identity, and Authentication Management (TCP/IP, Switch/Route, DNS, DHCP, Kerberos, PKI, RADIUS, etc.)
  • Cloud Platforms (Azure, AWS, GCP)