Sr. Analyst – Vulnerability Management

Job Title: Sr. Analyst – Vulnerability Management

JOB ID: 19-04852

City: Atlanta

State: GA

 Sr. Analyst – Vulnerability Management - Atlanta, GA - Contract
Contact - Lisa Leff - - 404-990-3202

The vulnerability management team hunts for and prioritized vulnerabilities that could lead to a breach of confidentiality, integrity or availability of Turner's sensitive information. The Senior vulnerability analyst collaborates with his/her peers in the Information Security Office, the company's asset owners, and other company IT staff to improve the company's information security posture and reduce the likelihood of a disruptive cybersecurity event.
  • Responsible for implementing, configuring and maintaining vulnerability and compliance scanning tools such as Qualyguard, AlertLogic, AppScan, and Nessus
  • Conduct scheduled and ad hoc application and system scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and communicate findings effectively
  • Ensure data flows are maintained between internal tools and enterprise wide reporting dashboard
  • Develop and manage scanning/profiling tools and automated tasks
  • Perform and post results of scheduled and on demand vulnerability assessments
  • Provide technical feedback on proposed solutions to identified vulnerabilities
  • Interface with vendor support teams to keep abreast of developments in product lines
  • Research security testing tools, techniques, and processes
  • Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities
  • Recommend approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes
  • Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the security operations center (SOC)
  • Promote collaboration with our stakeholders and Red Team researchers to prioritize the remediation of vulnerabilities and close potential attack vectors.
  • Understand asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected
  • Develop the vulnerability reports and score cards that the define current state of the corporate network security risk posture.
  • Mentor and train more junior staff in vulnerability management and awareness. Prioritization of vulnerabilities, attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
  • Work closely with Security Incident Response Team and Architecture team members to help improve the team's abilities in Detection, Prevention and Response capabilities
  • Work with business leaders and other ISO staff to prioritize vulnerability findings for remediation
  • 2+ years of cyber security experience
  • 4-6 years of technology experience
  • Ability to utilize best in class practices and determine best remediation path
  • Intermediate level knowledge of Windows and two or more of the following operating systems; *NIX, OS X, iOS, etc.
  • Demonstrated knowledge of web application security tools such as Qualys, Splunk, AlertLogic, Burp, nmap, Metasploit, etc.
  • Must be proficient in the use of Microsoft Office Applications (Outlook, Word, Excel) and other standard (Customer specified) applications.
  • Demonstrated knowledge of TCP/IP protocols, network analysis, and network/security applications
  • Demonstrated experience with scripting languages, such as PowerShell, Python, Bash, PHP, etc. preferred
  • Excellent analytical and problem-solving skills
  • Strong interpersonal, oral and written communication skills
  • The personality traits, work habits, and social skills necessary to work effectively within a dynamic and highly operational broadcast environment
  • Exemplary personal and professional integrity
  • Certifications in related areas (e.g. CISSP, SANS GPEN/GWAPT/GXPN, OSCP, CEH) are preferred.

Apply to job