Senior Security Analyst – Vulnerability Management

Location: Pittsburgh

Job Type: Full Time / Permanent

In this role on the Cybersecurity & Digital Trust team, the candidate will collaborate with technology and business coworkers while conducting cybersecurity vulnerability assessments. The candidate will be responsible for maintaining vulnerability management solutions, ensuring that all assets and systems are scanned for vulnerabilities regularly, and bringing any findings to the attention of the business while working within the cybersecurity department to prioritize and remediate threats. The focus of this role will be analysis of the data generated by the vulnerability management platforms, coordination with internal stakeholders regarding their patching program effectiveness, and completion of day-to-day tasks associated with the vulnerability management program. This is a full-time remote opportunity. We are looking to hire immediately.

Job Duties & Responsibilities: Responsible for identifying, reporting and tracking system vulnerabilities within corporate assets, ensuring the integrity of the environment. Evaluate the impact of vulnerabilities and the urgency for remediation using a combination of company tools and the candidate’s subject matter expertise. Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an Agile manner across traditional infrastructure and in cloud environments. Using a risk-based approach, analyze company vulnerability data against open/closed information sources to best prioritize vulnerability hygiene activities. Communicate relevant vulnerabilities, recommended fixes and remediation timelines to peers and partners throughout the company and subsidiaries. Provide tracking and reporting on discovered vulnerabilities and remediation efforts. Identify overdue system remediation efforts and coordinate with system owners to remediate identified issues. Manage and monitor vulnerability remediation timelines to ensure fixes are applied in a timely manner, in accordance with company policies. Collaborate with partners to anticipate potential non-compliance with remediation timelines, and escalate non-compliance to appropriate individuals as necessary. Develop reporting to communicate status on a regular basis. Schedule and perform recurring scanning activities of both corporate and cloud environments, as well as ad hoc scanning as required to test remediation. Collaborate with other Cyber organizations such as GRC and Threat Intelligence to report on program status and coordinate risk tracking. Manage and administer vulnerability assessment tools.

Education & Requirements: Bachelor’s Degree (Management Information Systems, Computer Science, Business) or equivalent experience. 5-7 years of experience in IT Systems Security, Network Security, Web Application Security. CISSP (preferred, not required). Rapid7 InsightVM or other vulnerability scanning tools. Direct hands-on experience or strong working knowledge of vulnerability scanners and reviewing vulnerabilities. Working and practical knowledge of security tools, techniques, countermeasures and trends in application, network, system threats and vulnerabilities. Experience with software development lifecycle focusing on application security.