Vulnerability Analyst - North Central region (Remote - PST preferred)

Vulnerability Analysts who work for GuidePoint are knowledgeable and passionate technologists who are self-motivated and self-directed. They are willing to take ownership of and be materially involved in the complete professional services lifecycle, from pre-sales through delivery.  Most importantly, they take direction well, function as part of a team, and are willing to learn and absorb new security focused technologies and disciplines. They are passionate about customer service, and invest themselves in fostering and maintaining positive relationships with their customers. Life-long learners, GuidePoint’s analysts are never satisfied with the status quo and constantly challenge themselves to improve, both personally and professionally.

Note: This is a remote position but we are ideally looking for someone living on the west coast (PST).

Technical Skills & Knowledge we are looking for:

• Experience with the entire vulnerability management lifecycle, assisting with building and maintaining vulnerability management programs in large and complex environments
• Must have experience with Qualys (deployment experience a plus)
• Experience performing basic scripting tasks using only what is found in the environment, such as BASH, PowerShell, Python, Perl or other native scripting languages a plus
• Experience with Kenna Security, Nucleus, Brinqa or similar risk management tools a plus
• Experience with ServiceNow integrations a plus
• Experience with Microsoft VM tools a plus
• An understanding of operating systems such as Windows Server, Windows 10/7, Mac OSX, RHEL, and Ubuntu Linux and the ability to perform basic functions at the CLI
• An understanding of networking concepts, protocols and detailed knowledge of how networks function
• A strong understanding of systems design and implementation
• An understanding of how and why vulnerabilities exist and are exploited
• Ability to understand and articulate complex vulnerability information to both technical and non-technical audience
• Ability to quantify true risk of vulnerability findings given environmental and extenuating circumstance
• Ability to interpret vulnerability scan results and build creative remediation strategies to remediate vulnerabilities
• Ability to design compensating controls when technical fixes may not be feasible
• A working knowledge of Application Security and infrastructure specific vulnerabilities such as those included in the OWASP Top 10 (SQL Injection, Cross-site Scripting, etc.)
• Strong written and verbal communication skills
• A strong desire to learn new technologies and contribute to a fast-growing company

Other relevant experience:

• Experience with programming languages such as Python, Java, C, C++, C#, PHP, Ruby or .NET
• Hands on experience hardening systems to benchmarks such as CIS, NIST, etc.
• Experience with enterprise software deployment tools such as SSM, JAMF, BigFix, or Tanium
• Familiarity with other Information Security tools such as Nessus, Kismet, Nmap, Burp, Netsparker, WebInspect, AppScan, Nexpose, Core Impact, Metasploit, etc.

 Education:

• Bachelor's degree in Computer Science, Engineering, Information Systems / Security or related discipline preferred