Vulnerability Engineer in Erlanger, KY - Only W2

  • Erlanger, KY
  • Posted 3 days ago | Updated 3 days ago

Overview

On Site
Depends on Experience
Contract - W2
Contract - 12 Month(s)

Skills

Vulnerability
Security
Risk Assessment
DevSecOps
OWASP
ISO
2710012
SOX
SOC1
SOC2
IAM

Job Details

Job Details:
Vulnerability Engineer
Erlanger, KY (locals highly preferred)
Onsite from day 1 (5 days/week work from office)
Contract (W2)
10+ Years

Mandatory Skills:
Infra Vulnerability Management - Qualys, Infra Vulnerability Management - Rapid 7, Infra Vulnerability Management - Tenable 10,Infra Vulnerability Management - Tenable Nessus Vulnerability management/ Triaging / Remediation Advisory / Service Now /ITSM /CMDB

Job Description:
The Security and Compliance Analyst is responsible to perform the following duties:
1 Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
2 Fair understanding of Technology Landscape Applications Infrastructure Cloud and review clients information security and related threats and vulnerabilities legal and regulatory

Requirements:
3 Good Understanding on Security Standards like ISO 270012 SOX ITSOC1 or SOC2 DevSecOps OWASP top 10 Business Impact analysis ISO 22301 ISO 27005
4 Assess and classify all potential business and infrastructure information risks
5 Review and advise on information security risks of vendor offerings New leveraging existing SAAS PAASIAAS services including integration with Client environment
6 Conduct risk assessment on Applications Network Systems according to Client policies applicable Standards legal regulatory requirements
7 Identify the risks in the Client Projects provide recommendations for remediation of identified risks
8 Translate Technical legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its methodologies
9 Identify or design the controls for implementation based on the outcome of Risk Assessment its remediation and residual risk
10 Ensure all the controls outlined for an application Infrastructure are designed effectively
11 Review Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediated
12 Review and approve the control design of supplier and their organization technical specifications against Client security control requirements
13 Ensure all the risks are documented classified and tracked with appropriate action as per the IRM standards
14 Work with Project Managers Business Analysts Architecture and Support Team to ensure Client Information Risk Management standards are being followed
15 Test the control effectiveness post implementation or deployment of controls and technologies
16 Conduct Security governance with Client stakeholders

Technology
1 Understanding of Cloud Security SAAS IAAS and PAAS and On-premise infrastructure
2 Understanding of secure application development and support
3 Knowledge on Network Security Data Security Practices Endpoint Security Identity and 4 Access Management
5 Knowledge on Business Continuity Plan and Disaster Recovery

Knowledge and skills
1 Projects Stake holder Management Governance Management Reporting
2 Very good communication skills Agile Project delivery
3 Cloud Security controls Data Security Selnfo baselines Privacy requirements

Industry Certifications
ISO 27001 Lead Auditor or Lead Implementor CISA CRISC CISM CISSP

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.