SSA201909001 Senior Security Analyst

Date Posted: 09-25-2019, Job Code: SSA201909001

Roles and Responsibilities:

• Work with the Commercial Vulnerability Management team as a Security Analyst within the Firm’s Technology Risk organization.
• Responsible for assessing reported vulnerabilities pertaining to commercial software products as to severity and relevance to client organization and assigning them to responsible technology owners for remediation.
• Responsible for reporting on all aspects of commercial vulnerability risk exposure for the Firm.
• Will work with the Commercial Vulnerability Management team within the Technology Risk department.
• Responsible for daily analysis of CVEs relevant to technology products in use by the Firm.
• Work with CVSS scoring and have experience accounting for the existence of compensating controls to re-factor the score.
• Ability to escalate vulnerabilities to the CISO and senior management level and initiating requests for immediate action and triage of critical severity items.
• Responsible for a segment of products associated with a particular area of the technology organization and therefore needs to form strong relationships with technology owners in order to influence remediation priorities.
• Performance of daily functions will require the ability to derive information from various related Splunk views and indexes.

Education and Skills Requirement:

• Must possess a Bachelors degree in Computer Science/ Engineering/ Technology/ Management or related field or equivalent degree.
• 2-3 years of technology experience with 1 or more years in a technology risk function
• Strong understanding of cyber exploit techniques and CVSS scoring of vulnerabilities in an enterprise IT environment
• Understanding of technology components, interaction between layers and services for applications and infrastructure
• Experience with an enterprise reporting platform (Splunk preferred)
• Strong organizational, communication, and professional skills
• Others: Python, Java, SQL, Arc Sight, TCIM, TSIEM, Qualysguard, Tripwire, ISS, Symantec CSP, Remedy, Security Incident Management and mitigation, Security Log review and analysis, Vulnerability Assessment, Log Analysis, Compliance Auditing, Security Change Management, Security Device administration and management, Windows, Linux, AIX, AS400 and OS400.

Submit resume to: usitcareers@egrovesys.com