Vulnerability Assessment Analyst
Remote (Mexico)
Applications have closed
Vulnerability Management Analyst
SailPoint is seeking an experienced Vulnerability Management Analyst with demonstrated competence and thought leadership capability to contribute toward the success of our vulnerability management initiatives. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security.
The Vulnerability Management Analyst will be responsible for scanning, tracking, analyzing, and reporting on vulnerabilities as part of the vulnerability management process. But also, creating a more proactive environment than reactive. To accomplish this, you will work closely with our internal security teams and other partners to help develop a vulnerability program that is resilient and supportable.
The ideal candidate will have a high passion for security, innovation, and problem-solving and the ability to work well within a team, participate in security audits, and aid in responding to customer security questionnaires. They will be highly collaborative, customer-service oriented, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences in terms of risk.
Responsibilities:
- Responsible for monitoring and reviewing vulnerability and compliance scan results and tracking remediation of vulnerabilities against service level objectives.
- Perform research and analysis of scheduled and on demand vulnerability assessments and develop risk-based remediation plans with proposed solutions to identified vulnerabilities; including system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
- Research security testing tools, techniques, and processes.
- Promote collaboration with our stakeholders to prioritize the remediation of vulnerabilities and close potential attack vectors.
- Maintain knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, tool/exploit development, cyber threat intelligence analysis and adversarial tactics.
- Provide guidance and collaborate with the Vulnerability Management engineering team to design and implement advanced vulnerability dashboards to meet operational requirements.
- Drive automation initiatives across the vulnerability management team and operational activities that are part of maintaining security infrastructure. Identify potential for and work with engineering to implement automation.
- Liaise with compliance teams to meet compliance requirements.
- Conduct continual self-driven learning on the Vulnerability Management space to understand new trends, strategies, and technologies.
- Assist with providing evidence for compliance needs
- Provide after-hours support on a scheduled / non-scheduled basis.
- Establish practices, templates, policies, tools and partnerships to expand and mature operational capabilities.
- Solve complex issues and protect various environments using a risk-based approach.
- Establishes credibility and maintains strong working relationships with groups involved with information security matters.
Requirements:
- Intermediate knowledge of risk analytics / modeling and vulnerability assessment.
- Experience with vulnerability scanning tools.
- Experience tracking trends and configure systems as required to reduce false positives from true events.
- Excellent writing, documentation and presentation skills are required to communicate findings and status.
- Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
- Understanding of cybersecurity best practices and frameworks such as SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, MITRE ATT&CK Framework, CIS Controls and OWASP Top 10.
- Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
- Knowledge of network based, system level, cloud and application layer attacks and mitigation methods.
- Solid grasp of vulnerability classification and scoring methodologies (CVSS, CVE, CWE). Fundamental understanding of risk vs severity.
- Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.
- Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
- Ability to work effectively with both local and remote staff, teammates and managers.
Preferred:
- Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 2-5 years of related work experience.
- Solid understanding of cloud, network, endpoint, and application security.
- Advanced knowledge of vulnerability assessment tooling such as, Rapid7, Qualys, Wiz. etc.
- Preferred certifications: CySA+, CISSP, GEVA, AWS Certs, Security+, or other relevant certifications.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Application security Audits Automation AWS CISSP Cloud Compliance Computer Science CVSS Exploit FedRAMP GDPR ISO 27001 MITRE ATT&CK Monitoring NIST OWASP Qualys SaaS SailPoint SANS SOC 2 SOX Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs