Position Summary & Responsibilities:

The Information Security, Vulnerability Management Analyst will be responsible for maintaining a fully mature enterprise-wide Vulnerability, Penetration Testing, and Logging & Event Management program. This role is challenged with the responsibility of identifying, triaging, filtering, and documenting vulnerabilities and threats across the enterprise and working with business unit partners to harmoniously resolve security matters. In addition, this role will be responsible for the continued production, support, implementation, and tracking of vulnerability management, penetration testing activity, and logging and event management workflows. The chosen candidate for this role will also be tasked with aiding in the creation of a comprehensive threat intelligence program and thus responding, if necessary, to events/incidents on a 24x7 basis. This position will also have operational responsibility in the disciplines of incident response while advancing the program development of key risk and performance indicators in support of compliance metric tracking and reporting procedures.

  • Work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics
  • Ensure consistent evaluation of scan results to identify immediate threats, assess risk, and determine corrective action for a large volume of assets using an established information security assessment methodology
  • Proficiency working with both internal and external partners to calibrate security toolsets while documenting security processes, procedures, and findings
  • Triage and filter scan results of web application, database, network and system security assessments to identify, research and eliminate false positives and other redundancies to ensure reporting of only relevant threats and risks to the enterprise
  • Employ use of automated tools or manual assessment techniques to determine validity of findings and emerging threat vectors
  • Identify anomalies or patterns in vulnerability scan, penetration test, and logging and event management results that may indicate pre-incident indicators or ineffective processes, procedures, and standards; recommend and communicate findings, both in written reports and in presentation format, to the Information Security Team and business unit partners
  • Demonstrate to asset owners a proof of concept in validating exploitability of vulnerability and explain the threat in a manner in which all levels of the corporation can understand
  • Review security advisories, assess risk, relevance, priority and communicate findings to clients
  • Understand and communicate attack chains to management and other stakeholders
  • Develop Dashboards and reporting that highlight the effectiveness of risk mitigation over time
  • Other security-related projects that may be assigned according to skills

Required Qualifications:

  • Strong ethics and understanding of ethics in business and information security
  • Minimum of 6+ years of experience in the Information Security discipline supporting large enterprise vulnerability management, penetration testing, and event logging programs
  • Assist with incident response and potential breach activities, on a 24x7 schedule, if necessary
  • Proficient in analyzing and validating scan results, knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
  • Working knowledge of the NIST Technical Guide to Information Security Testing and Assessment and of security tools (e.g., Nessus, Qualys, Rapid7 Nexpose, Metasploit, WebInspect, AppDetective, Nmap, Kali Linux, amongst others)
  • Excellent communication, collaboration, and strong project management skills
  • The ability to obtain a government clearance

Additional Skills:

  • Experience in incident response procedures and investigations
  • Experience with vulnerability, malware, penetration and web application vulnerability scanning tools
  • Writing and developing clear and easily understood reports, metrics, scan schedules
  • Ability to work collaboratively and across all business units and levels of the organization
  • Ability to track and manage large data sets, taking identified vulnerabilities and action items to a state of documented resolution

Security 2426 Location - Bridgewater, NJ

About iconectiv:
At iconectiv, we envision a world without boundaries, where the ability to access and exchange information is simple, secure and seamless. As the authoritative partner of the communications industry for more than 30 years, our market-leading solutions enable the interconnection of networks, devices, and applications for more than one billion people every day. Working closely with private, government and non-governmental organizations, iconectiv has intimate knowledge of the intricacies and complexities of creating, operating, and securing the telecommunications infrastructure for service providers, regulators, enterprises and content providers. iconectiv provides network and operations management, numbering, registry, fraud and revenue assurance and messaging solutions to more than 1,000 customers globally.

As the world continues to change in ways we cannot even begin to imagine, we know that one thing will never change -- the need to stay connected. The world of tomorrow is counting on us, and we are delivering.

A US-based company, Telcordia Technologies, Inc., doing business as iconectiv. For more information, visit www.iconectiv.com.

Relocation Benefits: This position is not eligible for relocation assistance.

Full Time Employee benefits:
Health care benefits
401(k) with company match
Holiday pay
Paid time off (inclusive of a volunteer day)
Tuition Reimbursement upon approval
On-site Gym

DISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Therefore, employees assigned may be required to perform additional job tasks required by the manager.

We are proud to be an EOE Minorities/Females/Protected Veterans/Disabled employer. The Company’s status is a VEVRAA Federal Contractor. Request Priority Protected Veteran Referrals. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
