Sr. Vulnerability Analyst

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
  
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
  
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
  
• Assist in the responsibility for the reviewing vulnerabilities' data from multiple sources (i.e. external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and a changing environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets.
  
• Assist in improving and automating the existing vulnerability management lifecycle. Including but not limited, data ingestion & normalization, compliance metrics and detections on assets.
  
• Assist in partnering with tools and technology teams to troubleshoot, develop, select, implement and automate appropriate security solutions to keep system data protected from internal and external threats.
  
• Assist in providing support and resolution for scanning and vulnerability remediation reporting issues.
  
• Assist in working with the Business to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
  
• Stay current with vulnerability information across all the products in the environment.
  
• Provide technical support for vulnerability management projects.
  
• Provides analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving road blocks.
  
• Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise platform.
  
• Assist in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
  
• Assist in interfacing with third-party vendors and other organizations in improving the overall scanning process.
  
• Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
  
• Follow the day-to-day operations related to own jobs in the department to ensure continuity of work
  

Requirements

• Bachelor’s degree in a relevant field is required; Master’s degree is preferred.
  
• 2-4 years experience working within the information security field.
  
• Good communication skills (English, Arabic).
  
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
  
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  
• Proficient in preparation of reports, dashboards and documentation.