This site uses cookies. To find out more, see our Cookies Policy

Vulnerability Management Security Analyst in Hartford, CT at Vaco

Date Posted: 7/26/2018

Job Snapshot

Job Description



Job Spec:
The Information Security Specialist is responsible for safeguarding information system assets by identifying and solving potential and actual security problems and threats. Job duties typically include planning and implementing security measures to protect computer systems, networks and data. The Information Security Specialists are expected to stay up-to-date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches. They also are responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network.

The Information Security Specialist will serve as the primary resource for identification, classification, aggregation and status reporting of all vulnerabilities. The Information Security Specialist will track vulnerabilities within the operating systems, platforms, third party application and internal applications keeping detailed records of the status of each vulnerability and EnerSys' risk exposure. The Information Security Specialist will regularly communicate or report out the status of existing vulnerabilities within the enterprise to help peers and stakeholders accurately assess risk.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:

  • Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.
  • Leverage automated tools (for example: Rapid7, Qualys, Nessus) to perform regular authenticated and unauthenticated scans of the on-premise and cloud environments;
  • Review security vulnerabilities and prioritize issues / remediation based on potential business impact;
  • Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies;
  • Provide validation of proposed / implemented remediation actions;
  • Identifies opportunities for process and technical security improvements in the environment;
  • Act as the primary point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups;
  • Upgrade system by implementing and maintaining security controls;
  • Work with third party security providers and evaluate products;
  • Develop security policies and support compliance initiatives such as SOX and NIST;
  • Maintain technical knowledge by attending educational workshops, reviewing publications, and networking with industry peers;
  • Maintain identity management system; and
  • Perform other duties as assigned

    QUALIFICATIONS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

    Education and/or Experience

    • 4 or more years of practical experience in a similar role.
    • A Bachelor's degree in a technical field (Computer Science, Cyber Security) is an advantage but not required.
    • Previous experience working in large scale environments with diverse technologies.

    Language Skills

    • Effective communication skills: Oral, written and listening.
    • Comfortable working in a collaborative environment with technical and non-technical colleagues.

    Computer / Technical Skills

    • Understanding of a variety of technical concepts such as: networking, systems administration, application development, cloud computing and information security best practices.
    • Experience with vulnerability & secure code solutions such as Qualys, Tenable Nessus, Rapid7 Nexpose, WhiteHat, HP Fortify, Veracode, or AppSpider.
    • Intermediate to proficient skills in a scripting language such as Python or PowerShell.
    • Cloud Computing (AWS & Azure) experience preferred.
    • Network switching and Routing (Cisco), firewalls (Palo Alto) and familiarity with TCP/IP / associated protocols
    • Proficient in use of standard office software and reporting applications.
    .