Cybersecurity Vulnerability Analyst
Job Summary
Responsibilities:
- Receiving information and reports about hardware and software vulnerabilities; analysing the nature mechanics and effects of the vulnerabilities; and developing response strategies for detecting and repairing the vulnerabilities;
- Proactively managing vulnerabilities by performing vulnerability assessments penetration tests and reviewing the technical security compliance (deviation from a baseline configuration) of systems and services;
- Managing response to disclosed vulnerabilities for which no countermeasure is yet available.
- This service can involve communicating with vendors other CSIRTs technical experts constituent members and the individuals or groups who initially discovered or reported the vulnerability.
- Evaluates results of security audits and tests security findings prioritises plans and implements remediation controls
- Provides forensic analysis in response to information security incidents
- Assesses security controls of new applications to establish compliance level and appropriate configuration
- Performing vulnerability watch
- Processing of incoming vulnerability warnings alerts and reports
- Oversee the management of known vulnerabilities through established processes and procedures
- Triage based on verification level of exposure and impact assessment
- Analysing and examining vulnerabilities in hardware or software
- Validating the existence of suspected vulnerabilities by determining where they are located and how they can be exploited
- Reviewing source code using a debugger to determine where the vulnerability occurs or trying to reproduce the problem on a test system
- Notifying the various parts of the Agency about the vulnerability and shares information about how to fix or mitigate the vulnerability
- Verifying that the vulnerability response strategy has been successfully implemented
- Performing regular vulnerability scans of system and applications writing reports including recommendations for improvements and following-up the remediation process for identified vulnerabilities
- Providing regular reports and dashboards (based on KPIs) to monitor security improvements
- Performing penetration tests and writing reports including recommendations for improvements
- Reviewing the technical security compliance of systems against defined security baselines (gold configuration) writing reports and following-up the remediation process for identified non-compliance
- Participating in the definition of security baselines
- Provide activity reports to management to demonstrate service SLA and service quality
Skills:
- Document report present and communicate with various stakeholders
- Develop codes scripts and programmes
- Identify and exploit vulnerabilities
- Conduct ethical hacking
- Think creatively and outside the box
- Identify and solve cybersecurity-related issues
- Communicate present and report to relevant stakeholders
- Use penetration testing tools effectively
- Conduct technical analysis and reporting
- Decompose and analyse systems to identify weaknesses and ineffective controls
- Review codes assess their security integrate cybersecurity solutions to the organisations infrastructure
- Configure solutions according to the organisations security policy
- Assess the security and performance of solutions
- Develop and test secure code and/or scripts
- Identify and troubleshoot cybersecurity-related issues
Specific Requirements:
- Experience in vulnerabilities analysis
- Knowledge of risk assessment in the context of given vulnerability and its environment
- Experience in coordination and execution of PenTests
- Experience in implementing protections against the most common types of exploits for web apps
- Proficient in writing reports covering vulnerabilities and patch management
- Experience in reviewing current security controls and proposing improvements
- Experience in writing security procedures/policies with emphasise on information protection and data privacy
- Experience in administering security solutions - Vulnerability platform WAF EDR
- Innovative approach to new technologies
Required Skills:
developmentperlcisspisoexcelapachepowerpointjavasqlmanagementmaterialsmanagerdatabasewindowslinuxdisaster recoveryrisk managementperipheralsarchitectureunix
About Company
30 employees
Welcome to Sansaone, a dynamic force in the realm of ICT talent acquisition. Born out of a passion for excellence and a vision for connecting outstanding professionals with forward-thinking organizations, we stand as a beacon for strategic recruitment solutions in the Information and ... View more