Desired Skills and Experience
- Operate and improve the end-to-end vulnerability management process, including aspects of asset inventory, contextual approach to scanning, conducting risk and vulnerability assessment, and providing reporting and remediation guidance.
- Operate Web Application security testing, and Static Code vulnerability analysis
- Provide in-depth analysis of vulnerabilities and related impact to stakeholders.
- Lead regular meetings with stakeholders to coordinate remediation efforts and clarify ownership.
- Influence stakeholders to prioritize risk treatment for identified vulnerabilities.
- Provide security reviews of change management tickets submitted by the organization to ensure remediation efforts are acted upon in a timely manner.
- Serve as the subject matter expert for threat and vulnerability processes.
- Assist with associated incident response, security administration, and security monitoring initiatives as requested.
- Bachelor’s degree in related field
- A minimum of 5 years of experience in IT and information security, 2 of which must be in information security
- Must be a self-motivated, detail-oriented professional
- Excellent communication, facilitation, and writing skills
- Strong knowledge in a scripting language such as perl or python
- Strong knowledge of Java or an equivalent programming language
- Experience using JIRA is preferred but not required
- Experience with security tools, including: vulnerability management tools such as Nessus, or Qualys, Symantec Endpoint Protection, Veracode or IBM Appscan, nmap, metasploit, core impact.
- Expert understanding of operating systems (Windows, Linux, Mac, iOS/Android)
- Experience with, and understanding of, the healthcare industry is preferred
- Demonstrated ability to develop and report on metrics
- Excellent communication, facilitation, and writing skills
- Understanding of networks and network architecture