Sr. Vulnerability Analyst
Contract Type: Direct Hire
Posted Date: November 22, 2024
ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind the technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at www.eccoselect.com.
Position Title: Sr. Vulnerability Analyst
Location Information: Hybrid-Dallas
Position Responsibilities:
– Conduct regular vulnerability assessments of systems and applications using tools like Tanium and Tenable.
– Analyze and interpret vulnerability scan results, prioritizing vulnerabilities based on risk levels.
– Collaborate with cross-functional teams to develop and implement effective remediation plans for identified vulnerabilities. Conduct penetration testing and vulnerability research to identify new and emerging threats.
– Develop, update, and maintain security policies, procedures, and best practices.
– Monitor security logs and alerts to identify potential security incidents and respond appropriately.
– Investigate security incidents to determine root causes and formulate remediation strategies.
– Work with IT teams to ensure adherence to security policies and procedures.
– Develop and deliver security training and awareness programs for employees.
– Participate in internal and external security audits and assessments.
– Stay abreast of emerging security threats, vulnerabilities, and industry best practices.
Essential Skills and Expertise:
– Bachelor's degree in Computer Science, Information Technology, or a related field; or 10 years of equivalent experience.
– Minimum of 5-7 years of experience in information security, focusing on vulnerability management and assessment.
– Proficiency with vulnerability scanning and assessment tools such as Intune, SCCM, Tanium, and Tenable.
– Strong understanding of security principles, frameworks (e.g., NIST, ISO 27001, PCI DSS), and best practices.
– Excellent analytical, problem-solving, and communication skills.
– Ability to work independently and as a collaborative team member.
– Relevant industry certifications such as CISSP, CISA, GIAC are a plus.
– Experience with ServiceNow Security Operations.
– Familiarity with common network and system architectures and cloud security solutions (e.g., AWS, Azure).
– Experience with security incident response processes, SIEM platforms (e.g., Splunk, ArcSight, LogRhythm), EDR tools (e.g., Carbon Black, CrowdStrike, SentinelOne), and SOAR platforms (e.g., Demisto, Phantom, Swimlane).
– Strong scripting skills in languages like Python or PowerShell.
Preferred Experience:
– Experience with Security Information and Event Management (SIEM) platforms (e.g., IBM QRadar, McAfee Enterprise Security Manager, Rapid7 InsightIDR).
– Knowledge of Network Intrusion Detection and Prevention Systems (NIDS/NIPS) (e.g., Snort, Suricata, Bro).
– Familiarity with Cloud Security Posture Management (CSPM) tools (e.g., CloudCheckr, Dome9, Prisma Cloud).
– Experience with Identity and Access Management (IAM) solutions (e.g., Okta, Ping Identity, ForgeRock).
– Understanding of Data Loss Prevention (DLP) solutions (e.g., Symantec DLP, McAfee DLP, Forcepoint DLP).
Qualifications:
ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities.
Equal Employment Opportunity is The Law
This Organization Participates in E-Verify