Sr. Vulnerability Assessment Analyst

Job Description

Join our Team About this opportunity: The primary responsibility of this role is to assess new and existing security vulnerabilities from internal and external sources, determine applicability, and document the impact and remediation strategy in a customer viewable format. The role will focus on multiple technologies including all of the major cloud hosting environments, Linux based servers and firmware, specialized hardware products, multiple coding languages, and multiple virtualization technologies. The successful candidate will have the ability to understand the technical aspects of security, assess the risk, and translate that into simple to understand language. What Will You Do Review vulnerability scan reports Monitor and assess external sources for new vulnerabilities Assess the applicability of vulnerabilities in context Determine the real impact of vulnerabilities Document findings and disclosures for each vulnerability and publish them to customers Negotiate with external researchers on disclosure timing Monitor remediations and update documentation Participate in Security Incidents regarding urgent vulnerabilities Provide metrics and statistics Qualifications Minimum Qualifications: Six (6) years of experience required (can include indirectly related experience) A team player Ability to interpret and explain CVEs to technical and non-technical audiences Working knowledge of hacking techniques Working knowledge of programming Working knowledge of risk evaluation Experience with the MS Office suite Excellent written and verbal communication skills Ability to react to changing priorities quickly and effectively High school diploma, GED, and/or equivalent professional experience While there is a primary location listed on this requisition, other locations may be considered Preferred Qualifications: Experience evaluating security risk in context of the production environment Experience with Jira Experience communicating directly to customers Experience with at least one of these languages: Python, Go, Java, or C Experience with scan reports from Snyk, Qualys, Crowdstrike, Inspector, Vdoo, or Binwalk Experience working remotely across many time zones and cultures Security certifications such as CISSP, CRISC, AWS SCS, etc. Ability to work flexible hours