Vulnerability Management Analyst - Cyber Security
Crypto.comJoin the 80M users who are investing with Crypto.com. Access an ecosystem of crypto-related products, including the Crypto.com App, Crypto.com Visa Card, Crypto.com Exchange, Crypto.com Pay, and Crypto.com NFT.
- Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
- Review and triage vulnerability alerts into manageable reports for other analysts and management to review
- Assist in asset management and vulnerability data-enrichment processes
- Manage vulnerability and configuration scanning tools, like setting up vulnerability scanners, scheduling scans, tuning scanning profiles, etc.
- Prepare security patch bundles and perform testing on those security patches for various types of endpoints (Windows, Linux, MacOS).Implement security patching on various types of endpoints (Windows, Linux, MacOS) and servers.
- Use asset risk profiles, vulnerability severity ratings, and threat information to communicate priorities for remediating vulnerabilities
- Provide stakeholders with advice and assistance in identifying false positives and cost-effective vulnerability remediation or mitigation solutions
- Develop security documentation under the guidance of the Vulnerability Management & Configuration Management Lead
- Assist in automated or manual patching remediation processes
- Provide support and input for assessing risks associated with unmitigated vulnerabilities and configuration weaknesses.
- Support asset management initiatives by assisting with asset identification, classification and ownership.
- Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
- Deliver and designing key vulnerability reporting metrics and KRIs
- Automate integration points with CMDB and other data-enrichment systems
- 3+ years of experience working in information security
- 2+ years of experience in vulnerability assessment & remediation
- Knowledge of common security framework like CIS, NIST, etc.
- Able to articulate how vulnerabilities translates to cyber-risks
- Experience conducting security risk assessments
- Experience of using vulnerability management tools like Tenable, Qualyst, InsightVM, Tripwire CCM , etc.
- Cloud experience (AWS, Azure and/or GCP) is required.
- Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
- Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
- High work ethic and sense of ownership for the delivered results.
- Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile AWS Azure Bash Blockchain CISSP Cloud Compliance Crypto GCP GIAC Governance ISO 22301 ISO 27001 Linux MacOS NIST PowerShell Privacy Python Risk assessment Ruby SANS Scripting SOC 2 Strategy Tripwire Vulnerabilities Vulnerability management Vulnerability scans Windows
More jobs like this
Washington, District of Columbia, … Washington, District of Columbia, United States Full TimeMid Mid-levelUSD 60K - 90K * USD 60K+ *
Cybersecurity Analyst - TS/SCI with CI PolyDoD Network security NIST Risk assessment Risk management Security assessment +4
401(k) matching Health care Insurance Relocation support
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open SOC Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Analyst jobs
- Open Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Operations Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Staff Information Security Engineer jobs
- Open o365 Security Architect jobs
- Open Infosec Risk Manager jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Fortinet Firewall Engineer jobs
- Open Cyber Security Architect jobs
- Open Ingénieur DevSecops H/F jobs
- Open Application security-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open SaaS-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISM-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open Malware-related jobs
- Open Splunk-related jobs
- Open Kubernetes-related jobs
- Open CISA-related jobs
- Open DevSecOps-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open GDPR-related jobs