Vulnerability Management Analyst

Benefits:

• Competitive compensation

• Medical, Dental, and Vision insurance

• 401(k) Retirement Savings Plan with substantial company match

• Life and Travel Insurance

• Tuition Assistance

• Wellness Reimbursement Program

• Paid Holidays and Vacation

What is a Vulnerability Management Analyst?

The Vulnerability Management Analyst (VMA) role is an integral part of the Cybersecurity team. A Vulnerability Management Analyst will take on the role of assessing our environment and ensure all systems, applications and devices used by the business are scanned regularly for vulnerabilities. They will use cybersecurity tooling, technical briefings, and other resources to stay current with the threat landscape that could impact our environment. Vulnerability Management Analysts will escalate any published or discovered vulnerability/threat finding to the business or technical owners for remediation, adhering to our recommended SLAs. Partnering with the business and technical teams, the Vulnerability Management Analyst will oversee the full life-cycle of a vulnerability/threat from initial reporting, escalation, to full remediation. Responsibilities may change as the needs of the department evolve.

What does a Vulnerability Management Analyst do?

Responsibilities include but are not limited to:

• Operates and supports all vulnerability management solutions/tooling

• Increases business awareness and vigilance regarding the threat landscape and potential impacts

• Forms partnerships with the business and technical teams to improve the remediation effort and experience

• Provides guidance to business stakeholders on vulnerability management processes and procedures

• Analyzes vulnerability and threat data to define patterns and trends

• Conducts risk-based analysis of vulnerability data to effectively prioritize remediation efforts

• Develops and maintains documentation that defines our vulnerability management program and policies

• Develops and maintains vulnerability reporting metrics for IT leadership and executive team

• Collaborates with the Cybersecurity Operations team to prioritize current threats and active exploits

• Tracks and manages vulnerabilities applying to all IT & OT systems and applications

• Performs vulnerability scans, creates remediation action plans and tracks those plans to completion        

• Supports with cybersecurity incident response including the investigation, documentation, and remediation in the event of an actual cybersecurity incident

• Performs other duties as assigned to support the organization’s cybersecurity mission

• Provides storm/emergency restoration efforts

What does it take to be a Vulnerability Management Analyst?

Required:

• Bachelor’s degree in Computer Science, Management Information Systems, Information Technology, Cybersecurity, or a STEM related field. In lieu of a bachelor’s degree, an associate’s degree in the aforementioned fields and at least 3 years of related experience in cybersecurity or a high school diploma or equivalency degree and 5 years of related experience in cybersecurity.

• Excellent verbal and written communication skills including the demonstrated ability to write clear and concise technical documentation and policy

• Strong interpersonal skills and the ability to work with internal customers in an interactive team environment

• Strong organizational, analytic, troubleshooting, problem solving, and decision-making skills

• Ability to multitask, pay close attention to detail, and adapt to a variety of support environments and assignments as priorities may change with little notice

• Valid driver’s license

Preferred:

• Experience with Cybersecurity tooling such as Rapid7, Tenable, Microsoft Defender, etc.

• In-depth knowledge of National Institute of Standards and Technology (NIST) Cybersecurity Framework and 20 Critical Security Controls, NERC Critical Infrastructure Protection (NERC CIP)

• Experience in the energy and utility industry, services industry, or a regulated or co-sourced environment

• Strong knowledge of computer systems, information security software and hardware components, network systems, databases, and information security safeguards

This position has a career path which allows for advancement opportunities within a job series.  The title and level are commensurate with experience. Pay range: $69,800 – $163,800

Please go to https://www.cenhud.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted.  No phone calls or agencies, please.  All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR