Cyber Analyst Vulnerability Management

Come join us at Con Edison as a System Analyst - Vulnerability Management! In this pivotal role, you will lead our vulnerability management response efforts, continuously enhancing application security workflows and processes. You'll be at the forefront of configuring and running vulnerability scans, assessing and prioritizing vulnerabilities, and coordinating with application teams to ensure robust security practices. Your expertise will be crucial in communicating risk to stakeholders, remediating vulnerabilities, and staying updated on the latest cybersecurity developments. If you're passionate about application security and eager to make a significant impact, we invite you to bring your skills and dedication to our team. Core Responsibilities

• Lead vulnerability management response efforts and events
• Continuously build and implement improvements to application security workflows and processes, including vulnerability scanning, assessment, prioritization, and tracking/remediation
• Develop new and update existing application vulnerability management policies, procedures, runbooks, and other documentation
• Configure and run vulnerability scans of applications using industry-standard tools
• Coordinate with application teams on scanning and application security practices, providing governance, oversight, and technical expertise
• Remain up to date on cybersecurity news and emerging vulnerabilities
• Assess and prioritize vulnerabilities for impact and cyber risk
• Communicate vulnerability statuses and associated risk to stakeholders and leadership
• Coordinate with stakeholders to remediate vulnerabilities timely, providing technical expertise and support as needed
• Ensure proper escalation and communication of critical vulnerabilities or other issues to leadership in a timely fashion
• Keep abreast of current developments in application security and vulnerability management and propose recommendations to mitigate risk
• Perform validation that vulnerabilities have been remediated/mitigated, working with other teams as required
• Collect, analyze, create dashboards, and report on vulnerability metrics
• Continuously learn, improve, and hone your skills to deliver advanced assessments
• Present to executive-level stakeholders
• Conduct presentations and education efforts on application security/vulnerability management and best practices
• Serve as a technical SME for more junior members of the vulnerability management team

Required Education/Experience

• Bachelor's Degree and with a minimum of two (2) years of cybersecurity, application development, or other related IT experience or
• Associate's Degree and with a minimum of four (4) years of cybersecurity, application development, or other related IT experience or
• High School Diploma/GED and with a minimum of five (5) years of cybersecurity, application development, or other related IT experience

Relevant Work Experience

• Previous IT or cybersecurity experience Required
• Knowledge of cybersecurity tools Required
• Understanding of industry standard policies, processes, and procedures covering incident, problem, and change management Required
• Understanding of OWASP Top 10 Required
• Proficiency in reading and understanding code across common web languages and frameworks (JS,C#, Angular, .NET) Preferred
• Familiarity with secure coding practices and proficiency in triaging vulnerabilities to understand impact Preferred
• Previous experience in application scanning and vulnerability management, including configuring and using DAST and CAST scanning technologies and performing vulnerability risk assessments/prioritization Preferred
• Familiarity with Microsoft Azure and/or other cloud service providers within context of development/publishing of applications Preferred
• Familiarity with API security testing and common API vulnerabilities Preferred
• Ability to remain agile and work in a fast-paced environment
• Highly organized and detail-oriented
• Demonstrated analytical and impact analysis skills
• Ability to handle multiple priorities effectively
• Knowledge of data/business intelligence tools is preferred (e.g., PowerBI, etc.)

Skills and Abilities

• Strong verbal communication and listening skills
• Demonstrated written communication skills
• Demonstrated analytical skills
• Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses and Certifications

• Driver's License Required

Additional Physical Demands

• Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.
• Must be able and willing to travel within Company service territory, as needed.
• Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required.

Mission Statement:

Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.