Listing Description

Samsung Semiconductor Inc. (SSI) is advancing the world’s technology. As a leader in Memory, System, LSI and LCD technologies, our US teams contribute to breakthroughs in 5G, SOC, memory and display. With our global perspective and diversity of thought, we proudly serve our customers around the world. We are looking for team members who share our commitment to learning and growth and excel when collaborating within and across teams.

SSI is headquartered in the heart of Silicon Valley and is a wholly-owned U.S. subsidiary of Samsung Electronics Co., Ltd. - the #1 employer in the world (Forbes, 2020 & 2021) and top patent-holder in the U.S. Want to advance the world’s technology with us?

Job Title

Cyber Security Vulnerability Analyst

Location

San Jose, CA

Job #

40794

OVERVIEW & IMPACT:

Cyber Security Vulnerability Analyst is responsible for detecting weaknesses in our environment (including networks, software, and infrastructure) and help implement measures to correct and strengthen security within the system.

JOB RESPONSIBILITIES:

• Act as primary point of contact for managing the discovery, analysis, tracking, and remediation of vulnerabilities for the enterprise.


• Assist in management and updates of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance and regulatory requirements.


• Manage execution and distribution of vulnerability assessments, reports and metrics.


• Work with Infrastructure and business teams to define hardening standards and ensure compliance across the environment.


• Manage the vulnerability exception request process.


• Design and improve upon vulnerability management processes and workflows.


• Partner with software teams to assess and remediate vulnerabilities across Datacenter Servers, Infra and Endpoint Devices.


• Coordinate and communicate with cross-functional teams throughout the VM lifecycle.


• Provide actionable security guidance to asset owners in an effort to speed up vuln remediation.


• Build out and scale our asset inventory platform.


• Conducting insider threat risk assessments and analyzing the threat issues, improvement opportunities and built action plans.


• Responsible for Remediating the issue and maintain excellent security posture.


• Execute Vendor Security assessments activities include evaluation of vendor controls and practices, process enhancements, reviewing security test reports, and analyzing security requirements.


• Take a metrics-driven approach to remediation and problem-solving.


• Contribute to other aspects of the security program such as systems hardening, Data loss prevention policies and compliance.


• Balance concurrent projects with ongoing operational responsibilities.

QUALIFICATIONS & REQUIRED SKILLS:

• Bachelor’s Degree or higher in the field of Information Security or Information Technology – Computer Science (CS), Management Information Systems (MIS), SW Engineering, Cyber Security


• 3 - 5 years of experience in cyber security and/or IT security roles with increasing responsibility


• Current Information Security Certification(s): CISSP, CISM, CRISC, OSCP, CEH, Security+


• Relevant technology experience desired in the following areas:  Next Generation Firewalls • EDR/XDR • SIEM • SOAR • DLP • Threat Intelligence • VPN • Web Proxies • Secure Email Gateways • Cloud Security • CASB • SASE • Vulnerability Management • IAM • GRC • NIST framework


• Experience with maintaining security of highly sensitive data both on-prem and cloud environment


• Deep understanding of common security frameworks and local/international regulatory compliances.


• A team player who is self-motivated and self-directed.

Additionally, we look for the following universal qualities in all candidates:

• Resourceful Achiever: self-motivated and proactive, you flex to try new approaches and creatively solve problems 


• Avid Learner: you thrive with challenges, seek continuous growth and improvement, and seek data to prove your hypotheses


• Devoted Professional: you are diligent and deliberate in your work, leveraging your expertise to deliver results without ego  


• Thoughtful Collaborator: you build relationships across teams, offering help and welcoming ideas from others to drive work forward in an inclusive manner

COVID-19 POLICIES

• Successful applicants must comply with company COVID-19 policies, which are subject to change in response to public health, regulatory and business circumstances


• Current policies are subject only to emergency or legally-required exceptions and include: mandatory reporting of vaccination status; vaccination requirement for office access, external meetings and business travel; mask usage in office; and daily screening procedures at offices