Description
Job description
At LeasePlan, we are always asking What's next in mobility. Join our team and be part of a dynamic, exciting and engaging business, so we can discover What's next together!OBJECTIVEThe Vulnerability Management Information Security Analyst will be responsible for the identification, prioritization and reporting of security threats through internal and external tools and external testing on enterprise and service provider networks. The Vulnerability Management Information Security Analyst must be a highly motivated Information Security professional who has experience helping operations teams to address high risk vulnerabilities. They will be expected to work closely with the IT Infrastructure and Risk and Compliance teams to drive remediation of high-risk vulnerabilities using a risk-based approach.Deep level of experience in enterprise vulnerability management and penetration testing is required. Ability to drive change and apply critical thinking skills are key success factors. Extraordinary communication skills are necessary for this role, as you will need to translate highly technical concepts into risk impact and advise decision makers on the best course of action. The Vulnerability Management Analyst will execute the company's US vulnerability management program, and will focus on leading the vulnerability discovery, triage, prioritization, remediation tracking, and reporting processes across a variety of platforms. The ideal candidate will be diligent, tenacious, and willing to learn new skills and technologies to ensure the team achieves its mission. The Vulnerability Management Information Security Analyst will report to the IT Director, Security.ESSENTIAL FUNCTIONSMonitors complex systems and response to known and emerging threats against the network via vulnerability scanning and intrusion detection software. Following guidance assesses and disseminates threats related to the enterprise regarding current vulnerability by managing and developing an emerging threat model. Identify and handle network vulnerability assessments to identify vulnerabilities or confirm compliance to security standards using enterprise vulnerability tools. Conducts detailed, comprehensive investigation of security issues by reviewing security log and vulnerability scan data, interpreting data in support of the prioritization and remediation process. Enhances knowledge of new and emerging threats that can affect the organization's information assets by analyzing of third party software/solutions, IT configuration changes (including access control requests), and network/system architecture from risk perspective. Direct or perform on-going vulnerability assessments, and penetration tests. Analyze results from internal and external vulnerability scans and drive risk remediation planning Assess identified vulnerabilities to understand their impact and potential mitigation and work with appropriate teams to create a plan for remediation, supporting the entity vulnerability management process end-to-end. Work with platform owners, internal and external technical teams, and business units in a security consulting role to facilitate vulnerability prioritization and remediation Ensure documentation of identified false positives and exclusions Ensure vulnerability scan results are consumable by the intended audience Partner with threat intelligence function to contribute to a common operating picture of aggregate risk exposure Develop and execute a strategy for vulnerability management and risk reduction that aligns with global best practices.Technical Skills/ Other DutiesUnderstanding of Vulnerability Management (VMM) concepts such as external and internal vulnerability scanning, penetration testing, vulnerability scoring, remediation, etc. Vulnerability Management solutions including managed services and implementation knowledge of products (such as Qualys). Oversee and support the continuous improvement of the vulnerability management program, processes and technology integrations. Produce detailed reports for key stakeholders, with factual documentation of the risks identified and clear recommendations for remediation actions for found vulnerabilities. Participate as a member of the Incident Response Team helping to resolve security incidents. Assist with governance processes, helping to provide audit support as requested.Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.CORE COMPETENCIESBachelor's degree in Computer Science, Information Systems Management, Cyber Security, or a related field accompanied by accredited certifications. Demonstrated knowledge of computer operating systems and networks, component architectures, application development, and/or data management processes and technologies - the successful candidate must understand the fundamental technical components, processes, and interactions of enterprise-level information systems Demonstrated knowledge of fundamental information security concepts and processes such as risk assessment and mitigation strategies, security control techniques and technologies, assessment and evaluation methods, and user access control methodologies Excellent analytic skills - the successful candidate must be able to receive information, digest it, and apply standards and requirements to that information and to produce a clear and effective evaluation/assessment. Excellent communication skills - both written and verbal Demonstrated facility with technical documentation Demonstrated problem-solving capability Ability to effectively manage time, and prioritize and execute tasks in a high-pressure environment Must be able to work independently and within deadlines One or more industry certifications including CISSP, SANS GIAC Certifications, IAT Level I-III, or NSA's IAM/IEM Desire and ability to quickly obtain industry certifications or additional expertise if neededLEADERSHIP RESPONSIBILITYThis position has no leadership responsibilities.WORK ENVIRONMENTThis position would be located in Alpharetta, GA and operates in a professional, climate-controlled environment. This position has the ability to work from home, but may be required to work in the LeasePlan office in Alpharetta, GA as needed.POSITION TYPE/STANDARD SCHEDULEThis is a full-time position. Hours of work are generally Monday through Friday; 8:
00am to 5:
00pm. Project and/or special activities, including incident response, may involve after-hours or weekend sessions.TRAVELNo travel is expected for this position.MINIMUM REQUIRED EDUCATION & EXPERIENCEBachelor's degree in Computer Science, Information Systems Management, Cyber Security, or a related field with at least 5 years of hands-on experience OR 3
years hands-on experience accompanied by accredited certifications. .Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.Careers at LeasePlanLeasePlan operates across more than 30 countries. With over 55 years' experience, LeasePlan's mission is to provide What's next in mobility so our customers can focus on what's next.We also believe 'you cannot grow a business; you can only grow people who can grow the business.' LeasePlan is proud of its culture of service and care towards customers and each other, which has endured for over 55 years. By applying to work with LeasePlan, you are joining a team where you yourself will get to play a part in building the future of our business.
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications
.png)