Vaga de Security Operations Analyst
1 vaga: | Publicada em 12/02
- A Combinar
Sobre a vaga
The Vulnerability Management Specialist position ensures the ongoing effective
operation of the vulnerability management platform, prioritizes vulnerabilities in
the environment, communicates vulnerability status to stakeholders, and ensures
effective integration with other tools and systems in the UNICC environment.
" Works within UNICCs Information Security team, interacting directly with both
internal and external stakeholders to address issues related to remediation of
vulnerability scanning and security assessment.
" Communicate recommendations for system improvements and ensure that the
operational
processes for mitigating risk due to vulnerabilities are functioning and enhanced.
" Provide support activities focused on helping key stakeholders understand their
vulnerability results, providing guidance on the remediation, and evaluating false
positives.
" Manages vulnerability platform, license utilization, agent deployments, system
components, and integrations.
" Develop vulnerability reports and dashboards to provide new insight into
existing vulnerabilities.
" Implement various levels of automation among tools in the SOCs cyber security
ecosystem
and/or the UNICC infrastructure to improve the effectiveness and efficiency of
vulnerability
management.
" Routinely analyse and update cybersecurity documentation, including security
policies, plans, and procedures.
" Conduct vulnerability scanning and assessment functions relating to various
clients,
environments, technologies, systems, and contexts.
" Perform other related duties and fulfil responsibilities as required.
Required Technical Skills:
The resource MUST have the following skills and experience:
" 10 years of relevant IT experience with at least 4 of those years in
vulnerability management.
" Proven experience with network vulnerability scanning and vulnerability
management products (e.g. Qualys Guard, Rapid7, Nessus).
" Proven experience with web application security testing tools (e.g. Burp Suite,
NetSparker, Paros, Acunetix, Qualys WAS).
" Proven experience with configuration management/ hardening tools based on CIS
Benchmarks (e.g. CIS-CAT Pro, Qualys SCA App, Nessus audit files etc&)
" Proven experience developing scripts and automating process (e.g. Python,
Powershell, Ansible)
" Strong working knowledge of UNIX/Linux and Windows operating systems including
web server technologies like IIS, Apache.
" Knowledge of IT security architecture/infrastructure best practices for both on
premise and cloud environments.
" Knowledge of public-key cryptography, encoding, encryption, and hashing
techniques.
" Knowledge of IT security / hardening best practices; including but not limited
to operating
systems, web applications, and network devices.
The resource SHOULD have the following skills and experience:
Experience in implementing cyber security controls to achieve compliance with ISO
27001 and other cyber security control frameworks.
Required Soft Skills:
" Strong analytical and problem-solving skills.
" Ability to act calmly and competently in high-pressure, high-stress situations.
" Excellent written and verbal communication skills, interpersonal and
collaborative skills.
" High level of personal integrity, as well as the ability to professionally
handle confidential matters, and show an appropriate level of judgment and
maturity.
" High level of initiative, accountability, attention to detail, ability to follow
processes and to work with little supervision.
" Proactive, flexible attitude to work with a willingness to constantly review and
improve skills and process.&.
Desirable certifications:
" Experience in working in a distributed multi-cultural environment.
" Project management skills and ability to manage multiple projects under strict
timelines.
Education/certifications:
Graduation from secondary school supplemented by specialized training and work
experience in Cyber security/IT Security.
" Bachelors degree in Computer Science, Engineering or equivalent work experience
required.
" GCIH, GCIA, GPEN, GWAPT, GAWN, GMOB, OSCP, OSEP, OSWP, OSWE, OSCE, CISSP, CCSP,
ITIL Certifications.
Languages:
" Expert knowledge of English is required.
" Knowledge of another UN language is desirable.
Teleworking Option:
Yes, up to 5 days per week.
On-call requirements:
May be required on an exceptional basis