April 30, 2022

Vulnerability Management Analyst


Department: Information Systems Security
Location: Albany, NY

About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We’re independent and vendor-neutral, so we have our clients’ best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset. Are you ready to contribute to our engaged workforce and deliver the NYSTEC Experience?

About the Role:

The vulnerability management analyst will assist the deputy chief information security officer (CISO) in orchestrating all phases of the vulnerability management cycle to support NYSTEC’s information security initiatives. This position will interface with staff and management across all levels of NYSTEC, as well as with external business partners, to ensure that NYSTEC’s business-critical functions and systems are secure and in accordance with best practices. As a vulnerability management analyst, you will lead the development of standards, processes, and technical solutions to enhance the maturity of NYSTEC’s vulnerability program, with a focus on prioritizing vulnerabilities—using information about attack vectors—and establishing a vulnerability management program for both on-premises and cloud environments.

Key Responsibilities

  • Leads the orchestration of all phases of the vulnerability management cycle, including asset identification and classification, vulnerability detection, remediation, verification, and reporting.
  • Implements mechanisms to detect vulnerabilities and determines how they may lead to corporate incidents, to enhance compliance with and support of security standards and procedures.
  • Works closely with members of the Information Systems Security team and IT team to enhance and automate the prioritization and remediation of vulnerabilities.
  • Detects, analyzes, interprets, evaluates, and integrates vulnerability data from multiple sources and formats for relevance to NYSTEC’s environment; monitors and provides metrics on the threat level of vulnerabilities to the systems, software, and networks.
  • Actively investigates and validates the latest security vulnerabilities, advisories (e.g., Microsoft, Oracle, VMware), and incidents, and provides insights into relevance and threats to NYSTEC.
  • Plans, develops, configures, and executes vulnerability scans using tools such as Tenable-Nessus, Rapid7, and HCL AppScan on a variety of corporate and business information systems, both on-premises and cloud based.
  • Assesses potential threats and risks to systems and technologies, driving remediation with internal and external partners.
  • Identifies attack surface reduction opportunities through vulnerability data analysis and threat models.
  • As NYSTEC’s security program expands in a rapidly growing portfolio of new applications and products, works to build and scale the security controls around vulnerability management.
  • Assists in scaling and automating NYSTEC’s security infrastructure and developing technical standards and practices, such as integration with third-party systems, to automate workflows related to asset management, prioritization, scanning coverage, etc.
  • Proactively keeps applicable members of management and leadership updated on risks, with relevant metrics articulating the progress on addressing them.
  • Supervises approval, tracking, and reporting of any security exceptions as the need arises.

About You:

Required Qualifications

  • Enhances relationships and networks with senior internal/external partners who are not familiar with the subject matter, often requiring persuasion. Adapts style to differing audiences and often advises others on difficult matters.
  • Knowledge of general cybersecurity concepts and methods, including but not limited to secure configuration management, data protection and privacy, security monitoring, incident response, governance, risk and compliance, patch management, enterprise security strategies, and architecture.
  • Understanding of various operating systems (Windows, Unix, macOS, etc.) and cloud concepts (secure build images, cloud patching, etc.) and knowledge of networking fundamentals.
  • Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7), including the ability to architect, deploy, configure, and operate.
  • Ability to conduct root cause analysis against vulnerabilities and to determine feasible technical solutions.
  • Knowledge of vulnerability scoring systems (Common Vulnerability Scoring System/Common Misuse Scoring System [CVSS/CMSS]).
  • Strong project management skills.
  • Strong written and verbal communication skills, time management skills, and the ability to prioritize tasks efficiently.
  • Commitment to the NYSTEC Experience.

Preferred/Desired Qualifications

  • CompTIA cybersecurity analyst certification (CySA+) or similar certification in information security, or ability to obtain within one year of hire.

Education and Experience

  • Bachelor’s degree, preferably in cybersecurity or a similar discipline, and five years of experience with security management frameworks (e.g., NIST, SANS, SCS). An equivalent combination of education, training, and experience will be considered.

If you’re an effective communicator who enjoys working in complex and collaborative environments, using your critical thinking and research skills to develop solutions for clients, providing support to customers, and you have the required education, experience, and skills, we want to hear from you.

Employees are required to comply with NYSTEC’s Vaccination Policy and Prevention Plan. Our policy requires proof of vaccination status or agreement to submit weekly COVID-19 tests via our ADP portal. New York City office employees and travelers are required to submit proof of vaccination or apply for a workplace accommodation request in accordance with NYC Emergency Executive Order No. 98.

It is NYSTEC’s policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn More About NYSTEC – www.nystec.com
