11 Sep
IT Security Vulnerability Management Analyst II
Oklahoma, Oklahoma City, 73142 Oklahoma City USA

Vacancy expired!

The IT Security Vulnerability Management Analyst II applies Patch and Vulnerability Management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability of the company's data, computing systems, and networks (Security Critical Control of continuous vulnerability assessment and remediation). The analyst will be involved in all the steps of the Patch and Vulnerability Management process and will utilize a vulnerability scanner. They will be responsible for documenting procedures, providing direction and recommendations for patching, setting up scans, and assisting in coordinating patching efforts. The analyst will enhance scan results by providing feedback on risks given the host/system criticality and compensating controls. The analyst will also engage in risk assessments and the security awareness program, and will coordinate and communicate the patch-management process to stakeholders. The IT Security Vulnerability Management Team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. Additionally, the analyst will be responsible for the Security Critical Controls of auditing and monitoring for secure configurations for hardware and software on laptops, workstations and servers, as well as secure configurations for network devices such as firewalls, routers and switches. Other responsibilities include ongoing security risk assessments and hardening recommendations for business and technology initiatives, social engineering/phishing awareness and training simulations, and staying apprised of current security threats and vulnerabilities.

RESPONSIBILITIES
  • Vulnerability scanning, identification, and risk ranking
  • Tracking of remediation and actions taken and escalation requests
  • Risk Assessments for business and technology initiatives such as new vendors and supporting software
  • Phishing awareness training and simulations
  • Reporting of program key performance indicators and metrics
  • Policy and asset control, and managing scan profiles
  • Testing vulnerabilities/updates in the SCCM Test Lab
  • Scanning assets for software, including OSS, for vulnerabilities and updates
  • Staying up-to-date and current on any vulnerabilities (including Zero-Day)
  • Overseeing and managing the Patch Tuesday Process
  • Establishing and monitoring baseline configuration for all devices
  • Establish a baseline for operating systems, applications, frameworks, and webservers on workstations and servers
  • Establish a baseline for network devices
  • Understand configurations and be able to provide guidance or remediation
  • Utilize a test environment to test changes, and verify security controls are in place
  • Auditing of critical controls: Data protection and malware defenses

Education/Certification:
  • Bachelor's Degree in Computer Science, Management of Information Systems, Engineering or related Field
  • Industry Certification (CISSP, GEVA, CISA, CISM, GCIH, GSEC, SEC+, SEC460 etc.) preferred

Experience Required:
  • 3+ years of vulnerability management, security risk management, and/or security administration

Knowledge/Skills/Abilities:
  • Strong knowledge of threats and vulnerabilities associated with cloud and on-premises network security
  • High-level familiarity with Vulnerability Management tools and ticketing systems
  • Ability to oversee and/or perform the development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
  • Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams
  • Perform security risk assessments for technology or business initiatives such as new software or services
  • Provide security recommendations to system and technology owners
  • Phishing and social engineering principles
  • Open-source software assessment and scanning
  • Containerization technology and security principles
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
  • Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities
  • Ability to deliver reporting on, and provide fixes for, identified vulnerabilities
  • Strong analytical and problem-solving skills
  • Highly responsive with an ability to handle escalations quickly and professionally
  • Strong verbal and written communication skills
  • Strong research skills and willingness to seek information
  • Maintain effective working relationships with supervisor and coworkers

PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to stand; walk; sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear. The employee may occasionally lift and/or move up to 50 pounds.

WORK ENVIRONMENT AND ENVIRONMENTAL CONDITIONS
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. No hazardous or significantly unpleasant conditions (such as in a typical office). The noise level in the work environment is usually moderate.

Paycom is an equal opportunity employer and prohibits discrimination and harassment of any kind. Paycom makes employment decisions on the basis of business needs, job requirements, individual qualifications and merit. Paycom wants to have the best available people in every job. Therefore, Paycom does not permit its employees to harass, discriminate or retaliate against other employees or applicants because of race, color, religion, sex, sexual orientation, gender identity, pregnancy, national origin, military and veteran status, age, physical or mental disability, genetic characteristic, reproductive health decisions, family or parental status or any other consideration made unlawful by applicable laws. Equal employment opportunity will be extended to all persons in all aspects of the employer-employee relationship. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and separation of employment. The Human Resources Department has overall responsibility for this policy and maintains reporting and monitoring procedures. Any questions or concerns should be referred to the Human Resources Department.
