OVERALL PURPOSE OF POST:
- To provide support to the ISO’s Vulnerability Management team
- The role will have accountability to maintain and manage a data repository of known vulnerabilities and the current remediation status. This includes the coordination of the collection of vulnerability data as well as the notification and reporting of identified vulnerabilities.
SUMMARY OF DUTIES:
- Coordinate with the sources of vulnerability intelligence to ensure the data is correctly imported in the vulnerability repository
- Coordinate communication with asset owners who have identified vulnerabilities to ensure they are aware of the risk and have an adequate remediation plan to resolve.
- Validate proper mitigation controls are in place until remediation activities are complete
- Provide a risk rating of vulnerabilities based on a defined set of criteria
- Provide reports to leadership communicating current vulnerability exposure
- Ensure reporting metrics relay proper risk posture to leadership and evolve as necessary
- Revise processes and procedures, metrics, and documentation that continue to improve the vulnerability management capability.
KNOWLEDGE & SKILLS REQUIREMENTS:
Technical Knowledge & Skills
- Candidates must be skilled in vulnerability assessment, risk rating, threat correlation, asset based remediation management, and reporting.
- Candidates must be familiar with network topology and understand network routes taken by various assets on our network
- Candidates must be able to demonstrate knowledge of the impact of vulnerabilities by demonstrating the following skill sets:
- Understanding of network services vulnerabilities and attacks
- Knowledge of application exploits and vulnerabilities
- Knowledge of ports and services typical in configuration of web servers, file servers, and workstations
- Must know Windows OS & Unix/Linux OS
- Understand and be able to create queries to support data extraction correlation
- Excellent communication, presentation, writing and documentation skills
- Independent thinker who works well within a team environment and works to create strategic partnerships to ensure the vulnerability management program is successful
- Follow-up and attention to detail with great customer service skills.
- Good deductive reasoning skills, creative thinker.
- Candidates should be familiar with Qualys and other security scanning tools
- Candidates should be familiar with CVEs, CVSS, Secunia, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best-practices
- Analytical and detail oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needs
- Strong written and verbal communication skills, good listening and presentation skills.
Background Requirements (Education/qualifications/previous experience, etc.)
- Bachelor’s degree or higher in IT, CS, IS, Engineering or a related field with 3-5 years of IT infrastructure experience with a focus in security
- A background in Information Security and Incident Response would be a distinct advantage.
- Ability to work on own initiative, or at direction of US team.