Senior Security Analyst - Vulnerability Management
Hyderabad, Telangana, India
TriNet
TriNet provides businesses with HR solutions including payroll, benefits, risk management and compliance — all in one place. Incredible starts here.
TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance.
TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR.
Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single requirement. At TriNet, we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, we encourage you to apply anyways. You may just be the right candidate for this or other roles.
The Senior Vulnerability Management Analyst performs security assessments of container images and application platform code within the enterprise environment and identifies where the container images and code deviate from acceptable configurations and/or policies and standards.
You will work in collaboration with Cyber Defense, Risk, Product Security, and Application Engineering teams to drive vulnerability remediation across the enterprise environment and visualize vulnerability risk and performance metrics to executive leadership.
ESSENTIAL DUTIES/RESPONSIBILITIES
- Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas.
- Exhibit a good understanding of vulnerability validation, reproduction, remedy advice and vulnerability research skills.
- Prepare reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Engage with various internal teams to conduct holistic response management on identified vulnerabilities and the remediation efforts.
- Articulate likelihood of exploitation and impact to IT leaders with the proven ability to convey the urgency and need to remediate vulnerabilities commensurate with the risk they present.
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense.
JOB REQUIREMENTS AND QUALIFICATIONS
Education:
Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.
Training Requirements (licenses, programs, or certificates): One or more of the following desired but not required
- ISC(2) Certified Information Security Services Professional (CISSP)
- Burp Suite Certified Practitioner
- Certified Application Security Engineer (CASE)
Experience:
- 5+ years’ related experience in Engineering/IT Operations, Security Operations, Vulnerability Management, DevSecOps, and/or Incident Response in large enterprise environments.
- Hands-on experience with Prisma Cloud, ServiceNow Application Vulnerability Response, Jira, Invicti, SonarQube.
- Hands-on experience with cloud infrastructure providers such as OCI and AWS.
Other Knowledge, Skills and Abilities:
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Skill in communicating complex technical information to an executive audience.
- Skill in utilizing Python for data analysis.
- Skill in conducting vulnerability scans and recognizing vulnerabilities in complex systems.
- Skill in writing and tuning behavioral rules in Invicti and SonarQube.
- Skill in conducting application vulnerability assessments.
- Skill in recognizing, assessing, and understanding cloud container vulnerabilities.
- Knowledge and understanding of the Agile Scrum framework.
WORK ENVIRONMENT/OTHER INFORMATION (Travel required, physical requirements, on-call schedules, etc.)
- Minimal travel required
- Work in a clean, pleasant, and comfortable office setting
- This role requires daily on-site presence at our Hyderabad office to collaborate with team members and participate in in-person meetings.
- The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- This position is 100% in office.
Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.
TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact recruiting@trinet.com to request such an accommodation.
Perks/benefits: Equity / stock options Health care Insurance