Vulnerability Management Risk Specialist (BHJOB22048_739)

Server Vulnerability Management Risk Specialist

Sr. Server Vulnerability Management Risk Specialist will provide Server Compliance Program outreach across all of technology to serve as Vulnerability Management subject matter expert coordinating Infrastructure Vulnerability Management (VM) efforts with internal customers and service providers, improve VM processes and procedures, and drive compliance efforts.

Responsibilities

• The Infrastructure Vulnerability Specialist will serve as a coordination point across all of technology to coordinate Vulnerability Management (VM) efforts with internal customers and service providers.
• Infrastructure Vulnerability Management guidance, coordination, processes, grouping, workflows, exception handling, VM remediation processes, tracking and reporting.
• Coordinate with Business groups, Server owners, Information Security, and other internal teams to remediate infrastructure vulnerabilities and help drive currency efforts for systems near the end of lifecycle
• Provide situation-based support, using information security policies and compliance standards, to ensure identified vulnerabilities are remediated and updates are installed in an appropriate and timely manner.
• Investigates vulnerability findings present within the enterprise, and coordinates remediation efforts in collaboration with server owners and other subject matter experts.
• Coordinate scheduling of servers for installation of patches, software, and other compliance standards in accordance with established policies.
• Validate VM Change requests for accuracy and completeness and drive timely Critical Vulnerability remediation efforts.
• Reporting - pull data and build reports for Vulnerability Response and Configuration Compliance.
• Provide status reports to leadership related to VM metrics, key risk indicators, trending risks, and compliance
• Ensure vendors follow established procedures and SLAs in accordance with contractual obligations in the execution and proper documentation of Vulnerability Management activities
• Coordinate with Third Party Vendors, Business Groups, and individual server owners to maintain compliance posture as it relates to Infrastructure Vulnerability management
• For internal and external servers - leverage defined baseline set of controls, baselines, and benchmarks.
• Help with ServiceNow module Vulnerability Response and Configuration Compliance implementation.
• Collaborate with teams, to improve success rate on VM activities, drive infrastructure currency efforts for end of life systems, and assist with Service Now CMDB quality improvements
• Initiate automation projects, to minimize manual processes in operations

Qualifications

• 5+ years' experience IT Systems Administration, Vulnerability Management, Server Configuration compliance.
• 3-5+ years Server Vulnerability Management and Server Configuration Compliance - NVD, CVSS, CVE, MITRE CWE, CIS Benchmarks, Server Controls baselines, standards, and controls.
• Experience managing IT vulnerability management processes, remediation, and infrastructure server patching guidance.
• Experience with Vulnerability tools: Qualys, BigFix, and/or ServiceNow Vulnerability module
• Good collaboration and communication skills to influence remediation with server owners - Vulnerability risk scoring, prioritization, and remediation tracking.
• Strong data analysis skills, to analyze vulnerability data and publish metrics
• Bachelor's degree from an accredited college/university or equivalent professional experience
• CISSP, CISM, CRISC Security / Risk Certifications or similar - preferred.
• Nice to have: Exposure to ServiceNow Modules - Vulnerability Remediation (VR) OR Configuration Compliance (CC)

LOGISTICS:

• Remote Work in Denver, CO or Atlanta, GA (candidate must be in those locations / no relocation provided).
• COVID-19 Vaccine Required - Must be fully vaccinated OR provide valid medical or religious exemption.
• Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
• You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future.
• W2 only - No sub vendors. Sponsorship NOT available.
• Must have direct contact information on resume (phone / email) to be considered.