The Vulnerability and Threat Management Analyst is an essential part of protecting, assessing, and monitoring the organization’s assets. This role has direct input into how the Information Security program prevents security incidents. In this role, you will be responsible for configuring vulnerability and threat intelligence scans, researching the latest threats, conducting risk assessments, coordinating remediation of identified risks, performing penetration testing and reporting on compliance. You will track the status of the program, working with partners throughout the company to ensure systems are implemented successfully and vulnerabilities are remediated inline with policies. Partnering with analysts, architects and engineers (for on-prem & in-cloud solutions) is necessary to identify, assess, and remediate cyber threats and risks. Problem solving and analytical skills is a major component of this role, along with understanding the organization’s systems and helping to configure the best security posture. Staying up to date with the latest security standards and security products is a must. Additional responsibilities include, developing and maintaining policies and participating in Incident Response.
As a member of the Information Security team, the Vulnerability and Threat Management Analyst will:
- Oversee Prove’s Vulnerability and Threat Management Programs responsible for identifying, reporting and remediating vulnerabilities and threats in cloud, enterprise and infrastructure systems.
- Work with Security Analysts to monitor day-to-day operations and security solutions.
- Review logs and reports of devices, virtual tools and other security tools.
- Triage and escalate high risk and zero day exploits and provide remediation recommendations.
- Work within the Security Development Life Cycle to: design, build, and maintain security in COTS and in-house developed systems.
- Identify potential threats within architectures and designs to ensure alignment of Information Security policies with new solutions.
- Act on alerts from Threat Intelligence and DLP solutions, which can include end user training on safe practices.
- Guide teams within the organization through security related processes required for regulatory compliance and best practices.
- Identify, report, and assign risk to discovered vulnerabilities.
- Coordinate updating and patching of software and systems based on pre-defined SLA’s.
- Work with Prove’s Security Operations Center responding to alerts and monitoring for security incidents.
- Assess a system’s ability to defend against, respond to, and recover from cyber and social engineering attacks.
- Hold teams accountable for SLA obligations, which can include escalation of issues in a timely fashion.
Education & Experience
- Must have:
- Four to Seven (4 - 7) years of related experience, specifically in Engineering/IT Operations, Security Operations, Vulnerability Management, and/or Incident Response.
- A bachelor’s degree or equivalent.
- Hands on experience with Vulnerability Scanning & Management tools (Nexpose, Tenable, Prisma Cloud, Kenna Security).
- Hands on experience with SAST, DAST, SCA and DLP tools.
- Hands on experience testing application, OS, system and cloud vulnerabilities.
- Understanding of PCI DSS, HIPAA, SOC 2 Type 2 and NIST requirements and policies.
- Understanding of a Security Development Life Cycle.
- Knowledge of Incidence Response policy, process, and execution.
- Ability to communicate network, cloud and system security issues to fellow analysts and engineers.
Demonstrate the ability to learn and develop as a self-starter requiring little direction.
The salary range for this role for Denver, Colorado only is $85,000 - $105,000. Offered salary will be determined by the applicant’s education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided