Description

The candidate will join the Commercial Vulnerability Management team as a Vulnerability Scanning Analyst. Candidate will be working with Qualys and possibly other commercial vulnerability scanning products. Candidate needs to be proficient with CVSS scoring and have experience accounting for the existence of compensating controls to re-factor scores. Candidate needs to be comfortable escalating vulnerabilities to the CISO and senior management level and initiating requests for immediate action and triage of critical severity items. Role requires regular interaction with the operations and engineering teams responsible for maintaining the Firm’s vulnerability scanning platform. Performance of daily functions will require the ability to manipulate and derive information from various related Splunk views and indexes.

Desired Characteristics / Skills

- 3-5 years of technology experience. Including intermediate or better experience with Qualys

- Tenable, Rapid7 experience a plus

- Experience with an enterprise reporting platform (Splunk preferred)

- Strong organizational, communication, and professional skills

- Experience with CVEs and CVSS scoring of vulnerabilities in an enterprise IT environment

- Understanding of technology components, interaction between layers and services for applications and infrastructure