Cybersecurity Analyst (Vulnerability Assessment)

RESPONSIBILITIES

NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties.
• Vulnerability Assessment Administration
• Perform scheduled security vulnerability assessments across global applications and infrastructure.
• Manage, coordinate, and track vulnerabilities from discovery, triage, remediation, and validation.
• Coordinate, schedule, and manage the engagement process (with internal stakeholders and third-
party vendors) for vulnerability remediation activities.
• Formally document and establish well-defined processes, procedures, remediation and mitigation strategies, and lessons learned.
• Manage vulnerability related tickets to ensure issues are remediated within designated timelines.
• Provide vulnerability mitigation strategies and meaningful vulnerability metrics.
• Support the maintenance and operations of vulnerability assessment infrastructure through refresh initiatives and annual planning.
• Report on findings and respond to requests and known vulnerabilities as well as delivering ad-hoc vulnerability scans on request.
• Coordinate emergency vulnerability patching, including remediation efforts.
• Conduct research and provide feedback to leadership and Cybersecurity team members of the recommended actions for vulnerability scan findings.
• Provide support of maintenance and operations to the vulnerability assessment toolsets.
• Provide support to internal processes to ensure compliance with the Payment Card Industry (PCI) standard.
• Endpoint Security Administration
• Provide operational support for endpoint security solutions.
• Support change management tasking relative to the security policies associated with endpoint security solutions.
• Evaluate security exception requests to determine legitimacy and completeness of requests prior to escalation to management.
• Review endpoint security alerts to determine true or false positives based on industry standards.
• Review Threat Reports generated from Endpoint security tools and provides recommendations and plans for appropriate resolutions.