Vulnerability Analyst

IDESCRIPTION You will be responsible for monitoring numerous available sources of information regarding vulnerabilities to systems utilized within our environment, performing a risk-based needs analysis on vulnerability mitigation, and championing implementation of necessary mitigation. The Analyst will also perform periodic and new system vulnerability scanning. Strict records will be maintained by the Analyst of risk decisions made and mitigated steps taken, including any required governance reporting. RESPONSIBILITY Ensure computer systems exceed security and service level targets through the use of reliable products, penetration and security assessment testing, and sound practices within incident response and investigations. Monitor regulatory and advisory sites and vendor reporting sources to identify available vulnerability mitigation tools and current patch level releases that are appropriate to our environment. Manage log correlation and analysis system. Champion deployment of recommended updates and maintenance fixes, working with responsible IT Teams and reporting status as appropriate. Maintain records of risks and mitigation controls for vulnerabilities across all platforms. Provide technical support and awareness programs for security issues related to systems and applications within our infrastructure. Assist in the recommendation and design of system architectures, platforms and specifications in order to meet current security standards and future business needs. Perform system vulnerability scanning and assessment of new systems. COMPETENCIES Strong knowledge and experience required in the areas of security assessment and vulnerability scanning, risk based threat analysis, and security mitigation techniques. Technical knowledge of desktop and server hardware and software architectures and operating systems including Windows, UNIX and Mac. Technical knowledge and familiarity with common business and financial software applications and functionality. In depth knowledge of current LAN/WAN network technologies, architectures, principles, operations and protocols. Knowledge of current security vulnerabilities. Exceptional interpersonal and customer service skills and the ability to ascertain and disseminate information quickly through a variety of channels. REQUIREMENTS 3 years related work experience, preferably in financial services or other regulated and secure industry. 2+ years experience with Information Technology, with specific experience regarding operating system patching, vulnerability scanning, and/or intrusion detection systems. Effective knowledge of information security theory and practices. Strong technical knowledge of relevant security tools and processes. Excellent communication skills, both written and verbal. Ability to be adaptable and flexible while responding to deadlines on assignments and workflow fluctuations. Excellent problem diagnosis, analytical, and communication skills. Ability to balance several conflicting demands to achieve optimum services performance with minimum disruption to business operations. Sound experience in devising ways to extract data from many sources and translating this data into useful information CISSP certification is a plus.