Senior Vulnerability Management Analyst
Posted 3 weeks ago
XOR Security is currently seeking a Senior Vulnerability Management Analyst to support a large commercial financial entity. VAT Analysts will conduct enterprise and application level security assessment. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring and vulnerability assessment. Strong written and verbal communications skills, researching and analysis skills, and attention to detail. The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and network penetration testing.
- Experience with both Qualys and InsightVM
- Minimum 3 years of professional experience conducting vulnerability assessment
- Strong analytical and technical skills in conducting vulnerability assessments, conduct troubleshooting of failed scans, as well as abilities and prior experience with analyzing vulnerability reports from enterprise assessment tools such as
- Ability to assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and system owners.
- Excellent organizational and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
- Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities
- Identify security gaps, evaluate and implement enhancements.
- Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans
- Able to collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts
- Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
- A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- One or more certifications for VAT Analysts: GPEN, GWAPT, GSNA, GMON, GISF, GAWN, GWEB, GXPN, CEH, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP
- Ability to develop an enterprise Red Team capability
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.