Security Analyst III – Vulnerability Management

  • Full Time
  • Duluth, GA, USA
  • Applications have closed
  • 24

Website COOPFS CO-OP Financial Services

The Opportunity

CO-OP Financial Services is bringing digital transformation to the credit union movement. We’re creating innovative technology solutions that help not-for-profit credit unions best serve their members and compete with the big banks.  As a result, our world-class team is growing faster than ever! If you’re passionate about technology and want to be part of a purpose-driven organization, this is an exciting opportunity to provide real value and help shape the future of human-centered financial services.

 

We are seeking a talented Security Analyst III – Vulnerability Management to be accountable for the vulnerability management lifecycle throughout the CO-OP Financial Services environment for the detection, prioritization, and remediation of vulnerabilities.   Provide subject matter expertise on Patch and Vulnerability Management including leveraging best in class tools and partners for scanning and testing.  Provide direct high-level analysis of specific or broad-scope security issues and risks identified by key systems and other sources. Produce analysis and reporting of cyber security risks and trends to inform decision-making processes and the holistic cyber security risk posture of the company. Oversee the risk-ranking process of newly identified vulnerabilities for prioritization and development of remediation plans.  Regularly participate in vulnerability management, threat identification, and/or deep dive research projects as assigned to challenge assumptions and articulate true, proven cyber security risk within the company. Document & communicate analysis results or findings to both technical and business audiences. 

What You Can Look Forward to

  • Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.
  • Provide input, help prepare and update VM roadmap, develop, maintain, and publish project plans and operation schedules.
  • Propose VM concepts/solutions and prepare presentations.
  • Create and maintain SOPs for the VM program, provide technical knowledge to operations and production support teams.
  • Maintain configuration control of VM hardware, systems, and application software, Coordinate upgrades and other maintenance activities on VM tools.
  • Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.
  • Prepare and maintain technical documentation of VM program.
  • Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and prioritize remediation activities related to servers, storage, databases, appliances, web applications and network devices.
  • Evaluation analysis and risk ranking of vulnerability findings in alignment with the NIST CVSS scoring framework.
  • Lead and facilitate Vulnerability Management meetings for the review of findings and presentation of summary and detailed reports and trends.
  • Preparation and submission of exceptions for findings planned outside of SLAs for remediation.
  • Relationship Management with 3rd party Pen Testers and Managed Vulnerability Management System service provider.
  • Planning and Scheduling of ASV scans and 3rd party pen testing activities.
  • Detail and Summary status reporting of vulnerability remediation.
  • Collaborate on and provide VM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities.
  • Help develop a long term VM strategy (3-5 years) that will address global information security needs (current state, gaps and opportunities).
  • Actively supports our CO-OP culture and embraces our core values of Work as Partners, Communicate Openly and Honestly, Demonstrate Excellence and Champion Change in all interactions.

What You’ll Need to Succeed

  • Bachelor’s degree and 5 years of related experience or equivalent training and/or experience.
  • 3-5 years of hands on experience with vulnerability and configuration scanners like Nessus, Qualys, InsightVM, eEye Retina, or GFI LanGuard.  Direct Qualys experience is a plus.
  • 5 or more years of combined experience supporting Microsoft Windows servers and endpoints, Linux & Unix servers, virtual infrastructure (e.g. ESXi), and network assets (e.g. routers, switches, firewalls, load balancers, etc.).
  • At least one year or more with hands on experience with vulnerability and configuration aggregation tools like ThreadFix, Qualys, BMC BladeLogic, SolarWinds, or Kenna Security.
  • 2 or more years’ experience developing and maintain vulnerability management policies, procedures, processes, and guidelines.
  • 2 or more year’s experience developing remediation plans for vulnerability management, including Application Security, Vulnerability Scanning, and/or third-party Penetration Testing.
  • 2 or more years’ experience with Cybersecurity framework like NIST, COBIT, ISA, and ISO.
  • 2 or more years’ experience with PCI-DSS 3.x standards.
  • At least one or more years’ experience with Agile framework.
  • Knowledge of security best practices and procedures.
  • Effectively prioritize and execute tasks in a high-pressure environment.
  • Experience managing projects or project work streams.
  • Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders.
  • Ability to provide direction and mentor less experienced teammates.
  • Ability to provide support in resolving IT security or related product issues as required.
  • Team-oriented and skilled in working within a collaborative environment.
  • The ability to interpret technical needs and provide thorough and complete support.
  • Effective communications, interpersonal, strong analytical and problem solving skills.
  • Organized, keen attention to detail, and efficient.
  • Highly self-motivated and directed.
  • Strong background in network security related technologies.

Why Join CO-OP?

Get ready to be part of the exciting, ever-evolving and growing credit union movement!  As a CO-OP employee, you’ll have a chance to directly impact the access of financial opportunities to individuals and communities – and you’ll help drive the future of fintech at an energetic organization where contributions are valued, and innovation is championed.   

 

With more than 35 years of industry leadership, CO-OP Financial Services is the largest, most comprehensive credit union service organization in the nation.  CO-OP serves as THE credit union technology engine, bringing payments solutions, engagement services and strategic counsel to help credit unions optimize member experiences to consistently provide seamless, personalized multi-channel offerings, while delivering secure, sophisticated fraud mitigation service.

 

CO-OP serves more than 3,000 client credit unions, with 60 million debit and credit cardholders, nearly 30,000 surcharge-free ATMs and more than 5,600 shared branches nationwide. Our vast technological ecosystem facilitates more than 6.5 billion transactions every year and equips credit unions of all sizes to deepen member engagement and prosper in the fast-paced world of fintech.

The Perks

  • Fun, challenging and, collaborative work environment with passionate colleagues that care deeply about the intersection of technology and human-centered financial services.
  • Health benefits – medical, dental, & vision plus wellness programs and gym reimbursements.
  • 401K with generous company match.
  • Tuition reimbursement.
Scroll to top