Sr. Security Analyst

NO C2C, Only W2 candidate can be considered

Job Details

Position: Sr. Security Analyst Location: Chicago IL, 1 day a week Duration: 6 months-with potential of converting Start Date: ASAP Interview Process/Times: TBD

In-Office Requirement:
We would require this candidate to be in the office one day a week, preferably on a day when the rest of the team is also in the office for collaborative purposes.

Description of the Job:
We are seeking a skilled and motivated Sr. Security Analyst to join our team! The ideal candidate will be responsible for supporting the Bank's Vulnerability Management Program, Security Awareness Program, and provide hands-on support for day-to-day security operations to ensure a resilient and secure environment. The Senior Security Analyst contributes to the success of the Bank by facilitating the vulnerability management program across IT and the broader organization. This individual will apply their passion for security and technology to design and operate technical processes to operate vulnerability scanning on a regular frequency, collaborate with stakeholders on reporting needs and prioritize resolution of issues with remediation teams.

Duties:
This role is mainly an additional vulnerability management program support staff resource on a team of Security Analysts. We are looking to transition our vulnerability management program process into the ServiceNow Vulnerability Response Module, which has already been configured in the environment. In the future, we will expand our vulnerability tracking and remediation efforts in the container space (EKS) and SAST space. Additional operational support duties are listed below.

Requirements:
2-5 years of vulnerability management experience.
4 year college degree in information technology, cyber security or equivalent experience.
Security and technology certifications are preferred (Security+, Microsoft Azure, AWS, etc).
Experience in a Windows Server environment.
Experience with custom reporting tools such as Tableau is preferred.
Experience with vulnerability scanning tools such as Nexpose, Qualys or Nessus.
Excellent analytical and problem solving skills.
Be a clear and confident public speaker, able to tailor messaging around technical concepts to diverse audiences.
Demonstrated experience evaluating security statistics to identify patterns and produce metrics that can be used for strategic decision making.
Familiar with standard security best practices.
Ability to quickly learn new processes and tools to find and manage software vulnerabilities.

Key Responsibilities:
Identify and create process improvements to the vulnerability management program.
Perform vulnerability scanning on a regular frequency.
Assess vulnerability risk and applicability based on existing guidance
Work with remediation teams to create and track plans to address discovered vulnerabilities.
Production of metrics and custom reporting to track the effectiveness of vulnerability management efforts.
Identify and evaluate vulnerability metrics to determine areas of concern and improvement.
Assist with efforts to quantify and analyze areas of risk in the environment.
Present vulnerability reporting to stakeholders.
Creating and adhering to procedure documents.
Perform Vendor Security and Software Risk Assessments.
Contribute to Security Awareness efforts on an as needed basis.
Contribute to Security Awareness efforts of Security Requests.

We are looking for additional support in the below areas:
Review and respond to phishing emails reported by users, and escalate if necessary.
Manage and resolve incoming service requests and incidents through the ServiceNow ticketing system.
Evaluate new technologies and solutions to ensure alignment with organizational security policies, standards, and risk tolerance before adoption.
Review and assess SOC2 reports as part of vendor security evaluations.
Assist in the development and facilitation of cybersecurity tabletop exercises to simulate incident response scenarios, evaluate organizational readiness, and identify gaps in existing processes and controls.

Enhancing Qualifications:
ServiceNow Vulnerability Response Module Experience is a plus
Familiarity of SAST, DAST, and SCA concepts from a vulnerability management remediation perspective is a plus
Container Security experience from a vulnerability management remediation perspective is a plus
Experience conducting risk assessments is a plus
Data Visualization experience is a plus (Tableau)
Experience Facilitating Tabletop Exercises is a plus
Experience running a security awareness program is a plus (Simulated Phishing and Security Awareness Training)
Experience performing header analysis/review of suspicious emails
Self-starter who can work independently as well as in a team setting

Additional Skills & Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
3+ years of experience in a security analyst role or similar position.
Proficiency with tools such as Nexpose/InsightVM, PrismaCloud, Checkmarx, Tableau, ServiceNow, ServiceNow [Vulnerability Response Module], KnowBe4, Bitsight, Spunk, and Crowdstrike.
Excellent communication and presentation skills.
Ability to work collaboratively with cross-functional teams.
This role requires a strong understanding of security protocols, risk management, and the ability to communicate technical concepts to diverse audiences.
Interest in understanding customer perspective to aid in development of the right solution.
Commitment to delivering quality solutions.
Ability to communicate technical topics to a non-technical audience.
Interest in understanding business needs to aid in developing solutions that are right for the broader organization