Cyber Threat and Vulnerability Specialist

Location: Fort Mill, SC
Date Posted: 12-28-2018
Job Description
 
The charter of the Information Security Office (ISO) is to partner with our business units, other corporate support functions, and user community to protect the corporate brand, data and assets. The ISO is responsible for the design, implementation and maintenance of an information security framework, policies and processes that protect the business, services, information and systems against unauthorized use, disclosure, modification, damage and loss.

Your core priorities will be to:

Individuals within the Information Security Office plan, execute, and manage multi-faceted projects related to cyber security to detect, prevent and respond to threats that is affecting the company. Individual should have a mindset of a defender and should be able to operate in a fast-paced environment working closely with our infrastructure team which includes Network, Firewall, Server and Application teams.
These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security management processes and to identify vulnerable areas. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
  •  Perform and Troubleshoot Vulnerability Scans (Discovery Scans as well), Ad-hoc, schedule vulnerability scanning and discovery scanning.
  • Perform Vulnerability Metrics Reporting for Ad-hoc and scheduled metrics report for various KPIs around vulnerability management activities
  • Create and follow up on tickets for identified vulnerabilities, per the Enterprise vulnerability management process. Track remediation efforts.  
  • Follow up with support groups on ticket status to completion
  • Lead monthly vulnerability management and patch cycle planning meeting w/ various stakeholders
  • Respond to questions from stakeholders about vulnerability reports, patch requirements
  • Collaborate speak with support groups/stakeholders on details about identified vulnerabilities.
  • Make recommendations on how we can improve vulnerability management operations (Scanner deployment, scanning frequency, process improvement)
  • Ensure vulnerability management operations team is following Enterprise vulnerability management processes
  • Lead expansion of vulnerability management activities (i.e. configuring new Qualys modules)
  • Stay up to date on latest vulnerabilities and potential impact to environment, as new vulnerabilities are released, must stay on top of information related to them and how they may impact the business.
  • Able to test application code level vulnerabilities using penetration testing methodologies is a plus.
  • Conduct impact analysis for threat vectors – Threat modeling
  • Working knowledge with open-source (Burp, Nmap, SSlscan, Sqlmap, Nikto, etc) and COTS (Veracode, WebInspect, IBM AppScan) security testing tools is a plus
  • Familiar with 2017 OWASP Top 10
  • Familiar with SANS Top 25 controls
  • Maintain day-to-day relationship with security and infrastructure services partners
  • Conducts research of emerging security threats.
  • Develops security solutions for critical and/or highly complex assignments. 
  • Develops remediation strategies and risk responses associated with the protection of infrastructure and information assets.
  • Ability to work independently taking initiative and as part of a team participating in a collaborate effort for a common goal.
  • Mentors less-experienced team members.


KNOWLEDGE, SKILLS & ABILITIES REQUIRED 
To perform this job successfully, the applicant must be able to perform each essential duty. The requirements listed below are representative of the minimal qualifications required.   
  • Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.Experience in Qualys, Kenna, Veracode and Fortify is a plus
  • Typically requires 5-7 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 4 years’ experience designing and deploying cyber security solutions for operations at the enterprise level.
  • Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM) or CEH, Offensive Security Certified Professional (OSCP) or other equivalent recognized security certifications
  • Great attitude to help, learn and grow, excitement is always welcome
  • Experience applying structured analytical methodologies to threat monitoring and intelligence analysis, e.g. Cyber Kill Chain
  • Experience with Vulnerability management tools like Qualys, Kenna or equivalent
  • Solid understanding of vulnerabilities reported and impact of the security threats
  • Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
  • Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST, HIPAA, SOX and PCI
  • Ability to lead and provide direction to project teams
  • Strong consultative skills; ability to interface effectively with technical and non-technical leaders.
  • Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.


BENEFITS
We offer competitive total rewards compensation. Our commitment to our associates includes benefit programs that are comprehensive, diverse and designed to meet the various needs across our associate population.
  • Healthcare for associates and eligible dependents, same-sex and domestic partners
  • Paid time off, including vacations and holidays
  • Paid volunteer time off
  • Life insurance and disability protection
  • Pet insurance
  • Employee Stock Purchase Program
  • Retirement benefits and more…
Throughout our global footprint and various business units, we take a balanced approach to the benefits we offer. Many benefits are company-paid, while others are available through associate contributions. Specific benefit offerings may vary by location, position and/or business unit.
this job portal is powered by CATS