Vulnerability Analyst

Client is looking for a local, Vulnerability Analyst in the Plano, TX area. This is a W2, contract to hire opportunity.

Must haves:

- 5+ years experience in information security/ vulnerability management

- Extensive experience in vulnerability management, patch management, and configuration management best practices.

- Knowledge of researching vulnerabilities, exploitation techniques, and industry trends/threats.

- Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).

- Experience with vulnerability and compliance scanning tools such as Qualys, Rapid7, or Tenable Nessus.

- Ability to interpret security advisories and understand vulnerability exploitation and impact.

- Linux/ Windows systems knowledge

Pluses:

- BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems.

- CISSP or similar.

- Experience implementing scanning architectures.

- Familiarity with data analysis and visualization technologies.

Day to day:

This position is responsible for tracking security improvements and helping the company apply increasingly stringent security standards. The role requires deep expertise in security standards, threat and vulnerability management, exploitation techniques, and secure development standards. It involves detecting vulnerabilities, assessing their impact on the organization, and communicating risks to stakeholders. This position also manages coordinated disclosure processes, collaborating with external researchers to responsibly report and resolve vulnerabilities. Tasks will include:

- Perform in-depth analysis of vulnerabilities by correlating data from various sources.

- Proactively research and monitor security-related information sources for vulnerability discovery.

- Assess impact of vulnerabilities on critical systems or data and advise on remediation.

- Maintain patch and vulnerability management practices to protect against exploitation.

- Research current vulnerabilities and exploits using trusted resources.

- Document remediation tasks for application and system owners.

- Assist system engineering team in configuring and deploying vulnerability scanning and network assessment tools.

- Support Incident Detection and Response team in daily operations.