Security Analyst, Vulnerability Management Operations
India - Bengaluru
Illumina
Illumina sequencing and array technologies fuel advancements in life science research, translational and consumer genomics, and molecular diagnostics.The Vulnerability Management Analyst will lead in driving the strategy, evaluation, process, execution, and operations of the vulnerability management program at Illumina. S/he will be responsible for vulnerability detection, analysis, prioritization, reporting, remediation, and validation against common vulnerabilities. This role is accountable for collecting, processing, monitoring, and disseminating potential threat intelligence and security vulnerabilities. This role will also partner with each functional area to overlay vulnerability and threat data with system knowledge to identify where compensating controls (or deep system knowledge) can be applied to lower (or raise) the effective risk ratings.
Responsible for successfully executing enterprise-wide Information Security Operational controls and processes related to vulnerability management that protect the company’s data and functions across all business areas. Adhering to data protection standards, procedures, regulatory oversight, and technical solutions for the Information Security department.
Lead vulnerability management investigations, establish and improve monitoring processes, analysis of vulnerability events, validation via manual testing of patch effectiveness, cyber-security-based awareness and education, and vulnerability management requests. Point of escalation for zero-day vulnerabilities triage and response for junior staff.
Performs all duties in accordance with the company’s policies and procedures, all state, federal, and country laws and regulations, wherein the company operates.
In accordance with regulatory and audit requirements, this position will perform analysis of systems and programs, including the cyber-security related programs and initiatives. Delivery of activity reporting, including metrics, environment impact, effectiveness progress, and performance, and risk indicators.
Duties
- Configure and manage vulnerability management tools, creating scan schedules, reporting and metrics generation and documentation
- Monitors, tracks, responds, investigates, and reports in compliance to vulnerability policies and works with the responsible parties to drive timely results and remediation of vulnerabilities
- Generates and monitors effective and actionable vulnerability management reporting across the enterprise
- Research and assess current vulnerability threats
- Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e., PCI-DSS, SOX, GDPR, CCPA)
- Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
- Review, triage, and respond to service requests and alerts related to vulnerability management
- Response to vulnerability findings as primary or a point
- Assist in the administration and removal of unsanctioned software
- Liaison between internal teams to improve overall enterprise risk
- Act on improving processes and procedures
Skills
- Strong oral and written communication skills appropriate for consultation with all levels of management
- Strong problem-solving and analytical skills
- Proficient, or able to gain proficiency with, vulnerability management applications and tools
- Previous risk-based vulnerability management experience
- Knowledge of vulnerability management lifecycle (familiar with CVEs, CVSS, and MITRE)
- Experience in collaboration amongst multiple lines of business and geographic theaters
- Strong experience and architecture comprehension of vulnerability management environments preferred
- The ability to thrive in a fast-paced, dynamic environment
- Understanding of threat intelligence best practices
- Overall Networking understanding and principles
- Successfully implemented and delivered projects involving a variety of cybersecurity functions
- Team oriented and skilled in working in a collaborative environment
- The ability to influence and drive change within teams and the organization
- A self-starter with a hands-on style, high level of energy, stamina, and drive
- A strong team player who is proactive and driven to achieve results
- Commendable organizational and time management skills
- Previous experience working as part of an enterprise Information Security team
- Monitors, tracks, responds, investigates, and reports in compliance to vulnerability policies, and works with the responsible parties to drive timely results and remediation
- Research and track current security vulnerabilities and related projects
- Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
- Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
- Ability to validate vulnerability findings through manual testing
Experience/Education
- 5+ years’ experience in multiple Cybersecurity domains (i.e., Vulnerability Management, Identify & Access Control, Network Security, Firewalls, Enterprise Directory Systems, Encryption, Data Loss Prevention {DLP}, Comprehensive Endpoint Protection, Infrastructure & Information Security Operations)
- 3+ years of vulnerability management experience
- Experience working with a wide range of stakeholders to perform vulnerability assessments on systems or applications
- Experience creating useful metrics that will help various stakeholders (asset owners and executives)
- Experience triaging vendor patch releases as well as security bulletins and make recommendations on required remediations
- Experience with patch management processes across network, OS, database, workstations, IoT, virtual, cloud
- Experience with Microsoft, Linux, Mac operating systems
- Experience using MITRE/CVSS calculations to define vulnerable and impacted components to clarify the severity
- Experience collecting, processing, and disseminating threat intelligence
- Successfully implemented and delivered projects involving a variety of cybersecurity functions
- Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience
Nice to Have
- Previous experience in engineering, architecture, application development, information security operations
- Understanding of Cloud and Container Vulnerability Management (AWS, GCP, Azure)
- Webapp vulnerability management experience
- Understanding of DevSecOps best practices
- Knowledge of PCI, HIPAA, NIST 800-53, CIS Benchmark, STIG
- Security Certifications (i.e., AWS Security, Azure Security Engineer, Security+, CISSP, CEH, SANS, etc.)
- Incident Management, Monitor and Response experience in a Cybersecurity operation-based environment
- Forensic and eDiscovery skills
- Penetration Test/Validation Experience
- OT/Manufacturing Vulnerability Management Experience
Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CCPA CEH CISSP Cloud Compliance Computer Science CVSS DevSecOps Encryption Firewalls GCP GDPR HIPAA Linux Monitoring Network security NIST NIST 800-53 Privacy SANS SOX Strategy Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs