Associate Vulnerability Analyst
Company: NYSTEC
Location: Rome
Posted on: October 16, 2024
Job Description:
About Us:
NYSTEC is a nonprofit technology consulting company, advising
agencies, organizations, institutions, and businesses since 1996.
We're independent and vendor-neutral, so we have our clients' best
interests at heart. At NYSTEC, we know that we succeed when
individuals and teams flourish personally and professionally, so
our benefits and perks support that mindset.
About the Role:
As an associate vulnerability analyst, you will assist the deputy
chief information security officer (CISO) in orchestrating all
phases of the vulnerability management cycle to support NYSTEC's
information security initiatives. You will interface with staff and
management across all levels of NYSTEC, as well as with external
business partners, to ensure that NYSTEC's business-critical
functions and systems are secure and in accordance with best
practices.
You will also lead the development of standards, processes, and
technical solutions to enhance the maturity of NYSTEC's
vulnerability program, with a focus on prioritizing vulnerabilities
(using information about attack vectors) and establishing a
vulnerability management program for both on-premises and cloud
environments.
Key Responsibilities:
Lead the orchestration of all phases of the vulnerability
management cycle, including asset identification and
classification, vulnerability detection, remediation, verification,
and reporting.
Implement mechanisms to detect vulnerabilities and determine how
they may lead to corporate incidents, to enhance compliance with
and support of security standards and procedures.
Work closely with members of the Information Systems Security Team
and the IT Team to enhance and automate the prioritization and
remediation of vulnerabilities.
Detect, analyze, interpret, evaluate, and integrate vulnerability
data from multiple sources and formats for relevance to NYSTEC's
environment; monitor and provide metrics on the threat level of
vulnerabilities to the systems, software, and networks.
Actively investigate and validate the latest security
vulnerabilities, advisories (e.g., Microsoft, Oracle, VMware), and
incidents and provide insights into relevance and threats to
NYSTEC.
Plan, develop, configure, and execute vulnerability scans using
tools such as Tenable-Nessus, Rapid7, and Qualys on a variety of
corporate and business information systems, both on-premises and
cloud-based.
Assess potential threats and risks to systems and technologies,
driving remediation with internal and external partners.
Identify attack surface reduction opportunities through
vulnerability data analysis and threat models.
Work to build and scale security controls around vulnerability
management as NYSTEC's security program expands in a rapidly
growing portfolio of new applications and products.
Assist in scaling and automating NYSTEC's security infrastructure
and developing technical standards and practices, such as
integration with third-party systems, to automate workflows related
to asset management, prioritization, and scanning coverage.
Proactively keep applicable members of management and leadership
updated on risks, with relevant metrics articulating the progress
on addressing them.
Supervise the approval, tracking, and reporting of any security
exceptions as the need arises.
Maintain knowledge of the threat landscape.
Exercise a high degree of confidentiality.
Demonstrate the NYSTEC Core Values and Behaviors.
All other duties as assigned.
About you:
Required Qualifications
Knowledge of general cybersecurity concepts and methods, including
but not limited to secure configuration management, data protection
and privacy, security monitoring, incident response, governance,
risk and compliance, patch management, enterprise security
strategies, and architecture.
Understanding of various operating systems (Windows, Unix, macOS,
etc.), cloud concepts (secure build images, cloud patching, etc.),
and knowledge of networking fundamentals.
Hands-on experience with vulnerability management tools (e.g.,
Qualys, Tenable, Rapid7), including the ability to architect,
deploy, configure, and operate.
Ability to conduct root cause analyses against vulnerabilities and
to determine feasible technical solutions.
Knowledge of vulnerability scoring systems (Common Vulnerability
Scoring System/Common Misuse Scoring System [CVSS/CMSS]).
Exceptional project management skills.
Effective written and verbal communication skills, time-management
skills, and the ability to prioritize tasks efficiently.
Understands NYSTEC's mission, brand mindsets, and core values and
can put the behaviors into practice.
To be considered for this role, candidates must be permanent
residents of the state of New York.
Onsite work will be performed in Rome, NY.
Preferred/Desired Qualifications
CompTIA cybersecurity analyst certification (CySA+) or similar
certification in information security, or the ability to obtain
such within one year.
Education and Experience
Bachelor's degree in cybersecurity or a similar discipline and two
years of experience with security management frameworks (e.g.,
National Institute of Standards and Technology [NIST], SysAdmin,
Audit, Network, and Security [SANS], Secure Controls Framework
[SCF]).
An equivalent combination of education, training, and experience
will be considered.
It is NYSTEC's policy to provide equal employment opportunity (EEO)
to all individuals, regardless of actual or perceived race, color,
creed, religion, sex, or gender (including pregnancy, childbirth,
and related medical conditions), gender identity or gender
expression (including transgender status), age, national origin,
ancestry, citizenship status, physical or mental disability,
protected medical condition as defined by applicable state or local
law, genetic information, military service and veteran status,
sexual orientation, marital status, or any other characteristic
protected by local, state, or federal laws and ordinances. NYSTEC
is strongly committed to this policy and believes in the concept
and spirit of the law.
Federal law requires employers to provide reasonable accommodation
to qualified individuals with disabilities. Please contact
recruitment@nystec.com if you require a reasonable accommodation to
apply for or to perform this job. Examples of reasonable
accommodation include making a change to the application process or
work procedures, providing documents in an alternate format, using
a sign language interpreter, or using specialized equipment.
Applicants must be authorized to work in the United States without
the need for visa sponsorship now or in the future.
Learn more about NYSTEC by visiting www.nystec.com.