This site uses cookies. To find out more, see our Cookies Policy

Vulnerability Management Security Analyst - Consulting in New York, NY at Vaco

Date Posted: 11/5/2018

Job Snapshot

Job Description

Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Security Operations, Managed Services, Governance, Risk, and Compliance.

Job Spec:

The Information Security Specialist will serve as the primary resource for identification, classification, aggregation and status reporting of all vulnerabilities. The Information Security Specialist will track vulnerabilities within the operating systems, platforms, third party application and internal applications keeping detailed records of the status of each vulnerability and risk exposure. The Information Security Specialist will regularly communicate or report out the status of existing vulnerabilities within the enterprise to help peers and stakeholders accurately assess risk.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:

  • Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.
  • Leverage automated tools (for example: Rapid7, Qualys, Nessus) to perform regular authenticated and unauthenticated scans of the on-premise and cloud environments;
  • Review security vulnerabilities and prioritize issues / remediation based on potential business impact;
  • Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies;
  • Provide validation of proposed / implemented remediation actions;
  • Identifies opportunities for process and technical security improvements in the environment;
  • Act as the primary point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups;
  • Upgrade system by implementing and maintaining security controls;
  • Work with third party security providers and evaluate products;
  • Develop security policies and support compliance initiatives such as SOX and NIST;
  • Configure new Qualys platform subscription including deployment of scan appliances and creation of option profiles, asset groups, scan schedules, report templates, and authentication records in both Vulnerability Management (VM) and Policy Compliance (PC) modules
  • Create run books for scanning and reporting processes developed within VM and PC modules.
  • Support vulnerability scanning operations by administering existing Qualys platform subscription and executing ad hoc scans as needed.
  • Collaborate and contribute to the automation of scanning and reporting processes where possible.
  • Weekly review of progress against the above goals, identification of new goals and summary of activity