Vulnerability Management Security Analyst II

The Vulnerability Analyst will help develop and equip a broad vulnerability management program to ensure the protection of Patterson's information assets from unauthorized use, modification, or destruction caused by system vulnerabilities. The role will be involved in all aspects of vulnerability testing and remediation, participating in enforcement of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The Vulnerability Analyst is expected to be fully aware of the enterprise's security goals as established by its stated policies and to actively work towards upholding those goals.

• Helps develop and execute on a Patterson-wide vulnerability management program.
• Communicate to appropriate business partner and functional team the scan results and recommended solutions as part of comprehensive remediation plan.
• Drives program maturity, reducing the time to vulnerability remediation by integrating technology platforms, automating processes, providing actionable vulnerability remediation guidance.
• Researches emerging system vulnerabilities and exploits across diverse technologies and rapid changing environments, including on-premise/cloud infrastructure to determine risk rating of vulnerabilities to business assets.
• Configures, maintains and operates security policy compliance and vulnerability management tools
• Maintains up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and evolving attacks and threat vectors.
• Mentors junior team members on vulnerability issues.
• Interact with adjacent IT and business departments as needed to ensure compliance with IT Security goals.
• Maintain and support the Vulnerability Management tool set, including Qualys, Kenna Security and associated integrations
• Provide Patterson's Vulnerability Management program metrics, key risk indicators, trending, and security patching reports.
• Review daily security feeds and prioritize findings based on external / internal intel
• Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, web applications and network devices.

• Associate's Degree in Computer Science, Management Information Sciences, Mathematics, Engineering, Business, or area of functional responsibility preferred, or a combination of equivalent education and experience.
• 1-2 years hands-on experience and demonstrated expertise with vulnerability tools and processes.
• Knowledge of information security technology, design, research techniques, administration, operating standards, and quality control methods.
• Basic understanding of LAN/WAN technologies and protocols, FTP, Active Directory, VPN technologies (MPLS, IPSEC, etc.), IIS and other network services.
• Knowledge of external/internal attack and penetration assessments, information security risk assessments, security vulnerability assessments, IT audit and risk assessments, network server and application security assessments, security policy standards & procedure.

• Knowledge of ITIL and/or ISO/IEC 27001 standards.
• Experience in a large, formal vulnerability program.
• General knowledge of cloud, wireless network and mobile security.
• One or more of the following certifications:
  • CompTIA Security+
  • GIAC Information Security Fundamentals
  • Certified Security Specialist (EC-Council)
  • Other security-related certifications
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Strong written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.

• Full Medical, Dental, and Vision benefits and an integrated Wellness Program.
• 401(k) Match Retirement Savings Plan.
• Employee Stock Purchase Plan (ESPP).
• Paid Time Off (PTO).
• Holiday Pay & Floating Holidays.
• Volunteer Time Off (VTO).
• Educational Assistance Program (Tuition Reimbursement).
• Full Paid Parental and Adoption Leave.
• LifeWorks (Employee Assistance Program).
• Company-Paid Short-Term Disability.
• Patterson Perks Program.