Vulnerability Management Program (VMP) Analyst II
REMOTEAbout The Role:As the VMP Analyst II you will not only help mitigate our clients’ risk of attack, but you will also mentor junior team members and directly assist clients with understanding their risk exposure. You will use vulnerability scanning tools and reporting platforms to present valuable information to our clients to help reduce risk and strengthen their security posture. Responsibilities:
- Configure vulnerability scans to run according to schedule
- Coordinate sharing vulnerability information with internal teams (SOC, CTI, Incident Response, Enterprise Security Testing, etc)
- Participate in the onboarding of new clients, which may include configuration, reporting, presenting, and or any other duties associated with new client onboarding
- Manage internal Pondurance Payment Card Industry Authorized Scanning Vendor (PCI ASV) scans.
- Lead investigations into client inquiries regarding specific vulnerabilities found in scans; communicate recommendations to clients
- Provide mentorship, guidance training, and recommendations to VMP Analysts (Tier 1)
Technologies:
- Experience in vulnerability management programs
- Demonstrated experience with the following:
- Experience with risk controls and audits
- Familiarity with commercial or open-source log or SIEM solutions
- Event analysis, correlation, reporting, and alerting
- Vulnerability scanning tools such as Nessus, Nexpose, and / or Qualys
- Experience with system or network administration (Unix / Linux preferred)
- Familiarity with scripting languages, including, but not limited to Python
- Familiarity with penetration testing tools, including but not limited to Metasploit
Knowledge and Skills
- 2+ years of Cyber Security / Information Security experience
- GEVA, CySA+, CISSP, or equivalent certification/experience preferred
- Experience with various frameworks including, but not limited to, NIST, ISO27001
- Experience defining, implementing, and managing security controls
- Ability to analyze and research cyber vulnerabilities
- Vulnerability management skills to review critical infrastructure and security vulnerabilities
- Be able to present solutions to senior management and customers
- Knowledge of Blue Team & Red Team activities and Vulnerability Management Methodologies
- Experience with Vulnerability Scanners and Web Application Vulnerability Management tools
- Detail oriented and self-motivated to complete assigned tasks
- Strong research and problem-solving skills
Who we are:At Pondurance we embrace, educate, and protect people by helping make our world a better and safer place. We believe in inviting good people into our company who are driven to become great! Every person at Pondurance is encouraged to focus and grow in their individual areas of interest, passion, and career path. We have accessible leaders as Mentors who believe “None of us are as smart as all of us” (R. Pelletier). We believe everyone has the freedom to be themselves, especially at work and so we embrace, support, and celebrate each other.
Each one of us influences our company’s direction through speaking up, you have a voiceand we want you to use it.Do you want to be a part of something different? Do you want to influence real change? Do you want to be part of the solution? Then join us in redefining the security and cyber risk landscape.What We Offer:The opportunity to apply your expertise, take on new challenges, and help customers address their biggest security objectives.An inclusive culture of teamwork that embraces the diversity of our people and communities in which we work.Some of the corporate benefits (there are more) for full-time employees include:
- Medical, dental, vision, disability, FSA, HSA, life and AD&D insurance, 401(k) Plan.
- Time off: PTO, sick, holiday, & parental leave details are available
- Money: We provide competitive compensation packages based on the market and your overall credentials.
Although this is a remote role, if you live close by, you’ll have access to our office locations: McLean, VA or Indianapolis, IN.To promote a healthy and safe work community we require background and drug screenings as part of our hiring process. Details of our process will be provided upon request. We are an equal opportunity employer focused on celebrating diversity and inclusion. We believe that each individual should be treated equally without regard to race, color, identity, national origin, protected veteran status, religion, sex including sexual orientation and gender identity, disability, or any other characteristic protected by law.
