Security Operations Analyst (Vulnerability Management)

31.05.22 | Valencia (Spain) | Full time

If you like this offer, please send your CV mentioning the job title to: recruitment@united-its.com

Location:  Valencia (Spain)

Teleworking option: (to be determined)

On-call requirements: (to be determined)


Main Duties and Responsibilities

The Vulnerability Management Specialist position ensures the ongoing effective operation of the vulnerability management platform, prioritizes vulnerabilities in the environment, communicates vulnerability status to stakeholders, and ensures effective integration with other tools and systems in the UNICC environment.

Vulnerability Management Specialist main duties are:

• Works within UNICC’s Information Security team, interacting directly with both internal and external stakeholders to address issues related to remediation of vulnerability scanning and security assessment.

• Communicate recommendations for system improvements and ensure that the operational processes for mitigating risk due to vulnerabilities are functioning and enhanced.

• Provide support activities focused on helping key stakeholders understand their vulnerability results, providing guidance on the remediation, and evaluating false positives.

• Manages vulnerability platform, license utilization, agent deployments, system components, and integrations.

• Develop vulnerability reports and dashboards to provide new insight into existing vulnerabilities.

• Implement various levels of automation among tools in the SOC’s cyber security ecosystem and/or the UNICC infrastructure to improve the effectiveness and efficiency of vulnerability management.

• Routinely analyse and update cybersecurity documentation, including security policies, plans, and procedures.

• Conduct vulnerability scanning and assessment functions relating to various clients, environments, technologies, systems and contexts.

• Perform other related duties and fulfil responsibilities as required.

Knowledge and Skills:

Essential:
•Strong analytical and problem-solving skills.
•Ability to act calmly and competently in high-pressure, high-stress situations.
•Excellent written and verbal communication skills, interpersonal and collaborative skills.
•High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
•High level of initiative, accountability, attention to detail, ability to follow processes and to work with little supervision.
•Proactive, flexible attitude to work with a willingness to constantly review and improve skills and process.
Desirable:
•Experience in working in a distributed multi-cultural environment.
•Project management skills and ability to manage multiple projects under strict timelines.

Education:

Essential:

•Graduation from secondary school supplemented by specialized training and work experience in Cyber security/IT Security.

Desirable:

•Bachelor’s degree in Computer Science, Engineering or equivalent work experience required.

•GCIH, GCIA, GPEN, GWAPT,GAWN,GMOB, OSCP,OSEP,OSWP,OSWE,OSCE, CISSP, CCSP, ITILCertifications.

Experience:

Essential:

•10years of relevant IT experience with at least 8of those years in vulnerability management.

•Proven experience with network vulnerability scanning and vulnerability management products (e.g. Qualys Guard, Rapid7, Nessus).

•Proven experience with web application security testing tools (e.g. Burp Suite, NetSparker, Paros, Acunetix, Qualys WAS).

•Proven experience with configuration management/ hardening tools based on CIS Benchmarks (e.g. CIS-CAT Pro, Qualys SCA App, Nessus audit files etc…)

•Strong working knowledge of UNIX/Linux and Windows operating systems including web server technologies like IIS, Apache.

•Knowledge of IT security architecture/infrastructure best practices for both on premise and cloud environments.

•Knowledge of public-key cryptography, encoding, encryption, and hashing techniques.

•Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.

Desirable:

•Experience in implementing cyber security controls to achieve compliance with ISO 27001 and other cyber security control frameworks.

Languages:

•Expert knowledge of English is required.

•Knowledge of another UN language is desirable.