Vulnerability Analyst II - Security Operations Center

Job description

Empowered. Innovative. Inspiring. Creative. Intense. These are all words we use to describe life at IBM.

At IBM, creating innovative IT solutions for global companies is only the beginning. Our clients need to ensure that their world-class systems not only meet business requirements, but are secure and reliable. That is where you come in.

Vulnerability Analyst II's are responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets ensuring the integrity of the environment. Daily activities include:
·  Operation of various scanning tools in use
·  Assessment and analysis data collected from scan tools
·  Tracking and reporting on discovered vulnerabilities and remediation efforts
·  Identification of overdue system remediation efforts
·  Sourcing and tracking of public and pre-embargoed vulnerability disclosure sources.
·  Analysis and reporting of all applicable publicly disclosed zero-day vulnerabilities.
·  Coordination with system owners to identify and remediate scan problems
·  Coordination with system owners to provide requested details about scan findings, scan methodologies and remediation recommendations
·  Assisting Program Managers with reporting and continuous motion on remediation efforts Responsibilities
·  Monitor a strategic, comprehensive corporate, commercial and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
·  Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
·  Provide information to system owners of flaws identified within that group's responsible systems.
·  Ensure that IBM Cloud is in compliance with all applicable Federal, IBM Internal and industry standard directives and policies regarding securing and monitoring of information systems
·  Assist in risk assessment duties including reporting and oversight of remediation efforts
·  Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
·  Server Operating Systems (Windows Server, Red Hat, CentOS)
·  Network (Cisco, Palo Alto, F5, McAfee)
·  Storage (NetApp, CleverSafe)
·  Manage multiple projects with various priority levels and time lines from start to finish
·  Develop and maintain accurate documentation for internal procedures and services
·  Maintain knowledge of outstanding vulnerability management issues and ensure remediation timelines are completed by required guidelines
·  Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
·  Must collaborate with other departments to resolve complex issues and be detail oriented
·  Ability to automate solutions to repetitive problems/tasks

CLDSFT5K
Auto req ID

133141BR
Required Education

High School Diploma/GED
Role ( Job Role )

System Services Representative
State / Province

TEXAS
Primary job category

Product Services
Contract type

Regular
Employment Type

Full-Time
Is this role a commissionable/sales incentive based position?

No
Travel Required

No Travel
IBM Business Group

W&CP
Preferred Education

Bachelor's Degree
City / Township / Village

RICHARDSON
Required Technical and Professional Expertise

·  2+ years of information security experience OR 3+ years of applicable experience with Linux/UNIX systems in a production environment OR other relevant experience.
·  Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred
·  Knowledge of generic information security standards/programs
·  Understanding of basic network concepts, familiarity with TCP/IP and VLAN functionality
·  Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants
·  High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
·  High degree of initiative and ability to work with little supervision
·  Capability to maintain highly detailed documentation and ticketing
Country/Region

United States
Preferred Technical and Professional Experience

Preferred:

·  Experience with the common tools associated with penetration testing (Metasploit, Burp Suite, Kali etc.)
·  Ability to effectively code in a scripting language (Python, Perl, etc.) Education :
·  Degree in computer science or other technical discipline is preferred
·  Possession of industry certifications highly preferred. Including, but not limited to, Security+, Linux+, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC) or ability to obtain after hire
Eligibility Requirements

·  None
Position Type

Professional
New Collar Role

Yes