Key Responsibilities:
Vulnerability Management & Mitigation
Support and maintain best practices for vulnerability detection and mitigation.
Apply threat and vulnerability management (VM) programs to enhance information security practices and maturity.
Regularly track and maintain the vulnerability lifecycle to ensure timely closure of all findings.
Analyze vulnerability feeds, apply CVSS scoring mechanisms, and evaluate vectors/strings associated with vulnerabilities.
Incident Response & Threat Analysis
Participate in incident response triage and proactive analysis of network, system, and application vulnerabilities.
Detect, analyze, and communicate the latest threats to CDC operations and EDR teams.
Create and optimize use cases to monitor or block exploitation of vulnerabilities.
Investigate the latest security vulnerabilities, vendor advisories, security incidents, and penetration techniques; notify stakeholders when relevant.
Security Assessment & Consultation
Provide security assessments and recommendations for firewall, network, and endpoint security.
Support ongoing and upcoming VM projects by providing consultation and expertise.
Provide regular updates to stakeholders with detailed security reports, issues identified, and recommended workarounds.
Collaboration & Advisory
Collaborate with cross-functional teams including CDC operations, EDR teams, and network/firewall teams.
Offer guidance and best practice recommendations for vulnerability management and information security initiatives.
Technical Skills & Tools
Strong knowledge of vulnerability management programs, CVSS scoring, and security incident response.
Experience with Endpoint Detection & Response (EDR) tools and monitoring solutions.
Understanding of network, firewall, and system security configurations.
Familiarity with threat intelligence feeds, security alerts, and vendor advisories.
Soft Skills
Strong analytical and problem-solving abilities.
Ability to work independently and provide proactive recommendations.
Excellent communication skills for stakeholder reporting and advisory.
Team-oriented, with strong collaboration across technical and operational teams.