Cyber Threat & Vulnerability Management (TVM) Analyst

Job description

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 103,000 colleagues serve people in more than 160 countries.

JOB DESCRIPTION:

Primary Function

Provide cyber defense services through threat & vulnerability management (TVM) and attack surface reduction to help protect and reduce risk for Abbott and its customers

Key Responsibilities

• Run day to day operations including attack surface management, vulnerability scanning, reporting and remediation efforts
• Customize reports on assessment findings and summarize to facilitate remediation tasks
• Collaborate with asset owners and the business for timely remediation
• Produce vulnerability, configuration, and coverage metrics to demonstrate remediation effectiveness and how risk is being reduced
• Ensure that vulnerability management Service Level Agreements and policies are defined, tracked and met across Abbott
• Mentor and guide TVM Analysts and perform knowledge transfer to other teams as required
• Coordinate with Cyber Threat Intelligence and Incident Response to identify and remediate gaps
• Reduce the attack surface by using frameworks like OWASP, MITRE ATT&CK, and CIS Top 20
• Compose and deliver Situation Reports and Threat Briefs for Senior Leadership
• Participate in cross-team coordination to achieve defined security goals as well as meet technical requirements in support of detailed implementation plans for security projects

Experience

• 5+ years of hands-on experience directly related to the area of threat and vulnerability management, web application security, penetration testing or cyber threat intelligence
• Experience with large scale environments like Abbott
• 3+ years with vulnerability scanners like Rapid 7, InsightVM, Qualys, OpenVAS
• 3+ years with DAST / web application security scanners like Acunetix, Burp Suite, ZAP
• 3+ years with tools like Nmap, Recon-ng, and WMI to identify network nodes, services, configurations, and vulnerabilities that an attacker could use as an opportunity for exploitation

Skill Requirements

• Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
• A broad and thorough understanding of cyber-security threats, vulnerabilities, controls and remediation strategies
• Strong technical knowledge in information technology, to include hardware, networking, architecture, protocols, files systems and operating systems.
• Be available for on-call duty to assist in major cybersecurity incidents
• Be driven for both personal and peer development through security conferences, Capture the Flags (CTF), lab time, and Lunch and Learns

Education & Certifications

• Bachelor’s degree preferred but will consider 5+ years of work experience as it translates to an equivalent degree. 
• One or more of the following GIAC: GEVA, GCIH, GSEC, GPEN, GWAPT or similar, or the OSCP is a strong nice to have.

JOB FAMILY:

DIVISION:

LOCATION:

ADDITIONAL LOCATIONS:

WORK SHIFT:

TRAVEL:

MEDICAL SURVEILLANCE:

SIGNIFICANT WORK ACTIVITIES: