Senior Security Analyst - Vulnerability Management
Cradlepoint

Boise, Idaho

Posted in Telecommunications


This job has expired.

Job Info


Overview

~This is a remote opportunity~

Cradlepoint has an immediate opening for a lead analyst on the Attack Surface Management team to support our Global Information Security function. Organizations often see security as collections of identified vulnerabilities in silos. This role will be forward thinking and assist with developing unique solutions that are at the forefront of technology. You will primarily assist with the identification and notification of vendor patches which will be accomplished by tracking internal and external vulnerabilities, and then applying the appropriate risk ratings to prioritize remediation to ensure Cradlepoint is appropriately protected. This role will be expected to work with various teams and their managers, supervisors and/or professional staff and may lead project teams to achieve milestones or objectives, plus coordinate with IT Operations & Engineering. You will engage business personnel to ensure remediation solutions are identified, tested and made available to all groups responsible for vulnerability remediation. You will be expected to be a proactive worker and generate security solutions that enhance the business they support. You must be able to take your experience and knowledge of security to the next level and work with a world class team to deliver on the Attack Surface Management goal of developing the complete perspective for operational and management visibility of Cradlepoint's overall Attack Surface. Are you up for the challenge?
Responsibilities

  • Implement the enterprise-wide strategy and key initiatives/projects focused on the reduction of technology risk within Cradlepoint under the direction of the Director of Attack Surface Management
  • Operate as a Subject Matter Expert (SME) for Vulnerability Management
  • Assist in the development of solutions and solving complex/unique problems with regards to Cradlepoint's Attack Surface
  • Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Attack Surface Management functional strategy
  • Work with IT and business teams to develop solutions that address root causes
  • Utilize existing vulnerability management, security configuration management, and web application scanning tools and processes to extend coverage, increase effectiveness and expand capabilities
  • Work with diverse IT and business teams to assist in developing solutions to remediate identified vulnerabilities and misconfigurations in a risk prioritized, effective and efficient fashion
  • Provide support to Audit, Legal, Human Resources, Corporate Security and Executives
  • Possess the ability to effectively identify, evaluate and communicate new and ongoing security threats
Qualifications
  • Bachelor's degree in Information Systems, Cybersecurity, or a related field and minimum 7-10 years of relevant experience in the Information Security field. Additional years of relevant experience will be considered in lieu of a degree
  • Minimum 4-6 years of experience in Information Security with experience in vulnerability management, security configurations management, or other security scanning
  • Possess strong technical security skills and comprehension of security and risk
  • Ability to work on complex projects and with diverse teams
  • Experience with Vulnerability Management tools such as Qualys QualysGuard, Rapid7, Tenable Nessus, etc.
  • Experience with Policy Compliance tools such as Qualys, Symantec CCS, Microsoft SCCM, etc.
  • Experience with Web Application Scanning tools such as WhiteHat, Appscan, WebInspect, etc.
  • Experience with vulnerability management tool integrations such as GRC, ticketing systems, SIEM, etc.
  • Experience with SAST/DAST tools such as Synopsis, SonarQube, Veracode, Checkmarx etc.
  • Experience with FOSS Scanning/SCA tools such as Blackduck, Phylum, Snyk, etc.
  • Familiar with Security Single Pane of Glass implementations or frameworks such as ServiceNow, RSA Archer, Kenna, RSAM, etc.
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations as well
  • Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.)
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
  • Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE and Open Web Application Security Project (OWASP) processes and remediation recommendations
  • Strong technical understanding and experience assessing threats to and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off-the-shelf applications, etc.
  • Must be both a self-starter and team player with the ability to work independently with limited supervision
  • Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively
  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines
  • Security-related certifications a plus - CRISC, CISSP, CISM, CEH, etc.
#LI-TI1

#LI-Remote

Cradlepoint is an Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex, marital status, national origin, age, sexual orientation, handicap, disability, or any other protected class status pursuant to applicable law.


This job has expired.

More Telecommunications jobs


SubCom
Newington, New Hampshire
Posted about 3 hours ago

SubCom
Newington, New Hampshire
Posted about 3 hours ago

SubCom
Newington, New Hampshire
Posted about 3 hours ago

Get Hired Faster

Subscribe to job alerts and upload your resume!

*By registering with our site, you agree to our
Terms and Privacy Policy.