Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Cybersecurity Vulnerability Remediation Analyst

T

TPG Staffing

Cybersecurity Vulnerability Remediation Analyst

Edison, NJ
Full Time
Paid
Similar Jobs
  • Responsibilities

    Our client, a successful financial technology and services company, currently seeks an experienced Cybersecurity Vulnerability Remediation Analyst to analyze the Vulnerability Threats using company’s EDR (CrowdStrike) and SIEM (SecureWorks Taegis XDR) tools. The analyst is also responsible for deploying the necessary patches across the infrastructure to remediate the vulnerability findings. The CVRA will keep current by monitoring CISA, MITRE, FFIEC and other threat intelligence sources for all critical infrastructure supporting the company and its clients.

    Responsibilities:

    • Remediate vulnerabilities via monthly OS (primarily Windows, with some Linux RedHat) patching on 1,000 servers and schedule changes for items outside standard OS patching.
    • Track, schedule, and remediate vulnerabilities reported in several reports or OS, Database and Middleware.
    • Use company’s tools (EDR, SIEM, GFI Languard Patch Manager) to report on existing vulnerabilities with targets for remediation. We use CrowdStrike as our EDR and SecureWorks as our XDR. We use Microsoft InTune to check software across workstations.
    • Update Change Management Database (CMDB) and compare to Baseline for anomalies.
    • Patching and Vulnerability Management should cover the following technologies:
      • Operating System (Windows and Linux RedHat)
      • Citrix Virtual App, Director, StoreFront, & NetScalers
      • Adobe
      • Chrome
      • Microsoft Office
      • Java
      • IBM Connect:Direct – patching will be done by the Connect:Direct team, but the role calls for tracking in this case
      • Microsoft BizTalk – patching will be done by the BizTalk team, but the role calls for tracking in this case
      • Microsoft SQL Server – patching will be done by the database team, but the role calls for tracking in this case
      • IBM WebSphere MQ – patching will be done by the database team, but the role calls for tracking in this case
      • Automize
      • VMWare
    • Review and report on status of hardware patching used in the datacenter – ESX, Firewalls, etc.
    • Work with infrastructure security team to establish appropriate patching cadences for each component, server type and virtual environments. Monitor vulnerabilities and escalate as per policy (critical and high, medium as soon as possible and low at next reporting interval).
    • Schedule the meetings with different support teams to review the vulnerabilities and remediation strategy.
    • End of Life (EOL) tracking, reporting, and remediation planning.
    • Tracking SSL certificates and installing new ones.
    • Participate in weekly working group status calls with infosec and infrastructure working groups as needed. Participate in daily infrastructure meeting held at EST afternoons.
    • Flexibility to participate in on call support some weeknights and weekends where needed for implementation checkout or triage.

    Requirements:

    • Computer Science BS/Engineering.
    • 5-7 years’ relevant experience in Cybersecurity threat detection and remediation.

    Preferred Skills and Qualifications:

    • Previous experience in financially regulated environments (SEC, OCC, Federal Reserve, FINRA, SOC 1 and SOC 2, etc.) preferred.

     

    The above requirements and qualifications are meant to describe the general nature of the position and do not represent all duties to be performed by the selected candidate. Please note that only candidates who are under consideration for the position will be contacted. The Company is an equal opportunity employer. All employment is decided on basis of qualifications, merit and business needs without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.