Vaga de Security Operations Analyst

The Vulnerability Management Specialist position ensures the ongoing effective operation of the vulnerability management platform, prioritizes vulnerabilities in the environment, communicates vulnerability status to stakeholders, and ensures effective integration with other tools and systems in the UNICC environment. " Works within UNICCs Information Security team, interacting directly with both internal and external stakeholders to address issues related to remediation of vulnerability scanning and security assessment. " Communicate recommendations for system improvements and ensure that the operational processes for mitigating risk due to vulnerabilities are functioning and enhanced. " Provide support activities focused on helping key stakeholders understand their vulnerability results, providing guidance on the remediation, and evaluating false positives. " Manages vulnerability platform, license utilization, agent deployments, system components, and integrations. " Develop vulnerability reports and dashboards to provide new insight into existing vulnerabilities. " Implement various levels of automation among tools in the SOCs cyber security ecosystem and/or the UNICC infrastructure to improve the effectiveness and efficiency of vulnerability management. " Routinely analyse and update cybersecurity documentation, including security policies, plans, and procedures. " Conduct vulnerability scanning and assessment functions relating to various clients, environments, technologies, systems, and contexts. " Perform other related duties and fulfil responsibilities as required. Required Technical Skills: The resource MUST have the following skills and experience: " 10 years of relevant IT experience with at least 4 of those years in vulnerability management. " Proven experience with network vulnerability scanning and vulnerability management products (e.g. Qualys Guard, Rapid7, Nessus). " Proven experience with web application security testing tools (e.g. Burp Suite, NetSparker, Paros, Acunetix, Qualys WAS). " Proven experience with configuration management/ hardening tools based on CIS Benchmarks (e.g. CIS-CAT Pro, Qualys SCA App, Nessus audit files etc&) " Proven experience developing scripts and automating process (e.g. Python, Powershell, Ansible) " Strong working knowledge of UNIX/Linux and Windows operating systems including web server technologies like IIS, Apache. " Knowledge of IT security architecture/infrastructure best practices for both on premise and cloud environments. " Knowledge of public-key cryptography, encoding, encryption, and hashing techniques. " Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices. The resource SHOULD have the following skills and experience: Experience in implementing cyber security controls to achieve compliance with ISO 27001 and other cyber security control frameworks. Required Soft Skills: " Strong analytical and problem-solving skills. " Ability to act calmly and competently in high-pressure, high-stress situations. " Excellent written and verbal communication skills, interpersonal and collaborative skills. " High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity. " High level of initiative, accountability, attention to detail, ability to follow processes and to work with little supervision. " Proactive, flexible attitude to work with a willingness to constantly review and improve skills and process.&. Desirable certifications: " Experience in working in a distributed multi-cultural environment. " Project management skills and ability to manage multiple projects under strict timelines. Education/certifications: Graduation from secondary school supplemented by specialized training and work experience in Cyber security/IT Security. " Bachelors degree in Computer Science, Engineering or equivalent work experience required. " GCIH, GCIA, GPEN, GWAPT, GAWN, GMOB, OSCP, OSEP, OSWP, OSWE, OSCE, CISSP, CCSP, ITIL Certifications. Languages: " Expert knowledge of English is required. " Knowledge of another UN language is desirable. Teleworking Option:  Yes, up to 5 days per week. On-call requirements:  May be required on an exceptional basis