Must Sit in TX, IA, KS, NE Can be 100 percent remote. Summary:
The Vulnerability Analyst will provide operational support of Vulnerability Management processes for Client. Responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to the client's information assets and resources. Identify, analyze, and manage vulnerability-related risks within the organization.
Education and/or Experience
- Investigate Zero Day threats and emerging vulnerabilities, determine applicability, and recommend remediation and mitigation strategies
- Assist developers and other staff with prioritizing and remediating vulnerabilities
- Translate high level, technical analysis into easy-to-follow recommendations for remediation
- Develop procedures related to the review of vulnerabilities and ongoing monitoring of open vulnerability status
- Monitor emerging vulnerability management issues in the industry, related regulatory impacts, and how those relate to our business
- Analyze system services, operating systems, networks and applications from a security perspective and identify security issues that appear under new threat scenarios
- Provide input into related Vulnerability Management processes including file integrity management, configuration management, and system baseline development
- Detect and monitor new vulnerabilities, reviewing specifics of those vulnerabilities including publicly available exploits, and working directly with responsible teams to drive remediation and mitigation efforts.
- Interface and coordinate work effectively with colleagues and vendors
- Work with vendors to resolve operational issues with scanning tools
- Provide tier 3 security operations support
- Participate in security compliance efforts (e.g. PCI, HIPPA)
- Implement and support security-focused tools and services
- Drive continual improvement and innovation in the vulnerability management space
- Participate in on-call duties
- Bachelor's degree in Information Security, or related field or equivalent relevant work experience.
- 5+ years of professional experience, including 3+ years of hands-on work with vulnerability scanning tools, reporting, and risk classification.
- Experience with AZURE DevOps, CI/CD Pipelines, Automation
- SAST/DAST tools
- API Security
- Experience with operating system and third-party patching tools
- Understanding of risk management in microservices and traditional architectures
- Understanding of Windows and Linux operating systems and general network topology
- Understanding of STIGs and security baseline methodologies.
- Strong project management skills
- Ability to work with people with a variety of technical backgrounds and experience.
- Self-motivated and capable of following through on projects that may have long timelines for completion.
- Ability to work nights, weekends and/or early morning hours based on business needs
- Ability to read and comprehend written sentences and paragraphs in work related documents.
- Ability to effectively convey information to internal and/or external customers verbally
- Ability to use basic math skills to solve work related scenarios.
- Ability to use logic and reasoning to identify approaches and alternative solutions to problems encountered in assigned work area.
- Ability to use hands to finger, handle, or feel.
- Ability to stand, sit walk and talk or hear.
- Visual acuity, color vision, depth perception, peripheral to perform job duties.
- Ability to work in an environment where the noise is level usually moderate.
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at