Rutgers, The State University of New Jersey, is seeking a Cybersecurity Threat & Vulnerability Management Analyst. Reporting to the Information Security Manager, the Threat & Vulnerability Management Analyst is responsible for actively monitoring current and new threat and vulnerabilities that could potentially impact the University, maintaining all vulnerability or threat management solutions, ensuring that all assets are scanned for vulnerabilities regularly, and detecting weaknesses in networks and software and then taking appropriate measures to prioritize and remediate threats. The Threat & Vulnerability Management Analyst will work alongside other information security professionals in the OIT-Information Security Office.
Among the key duties of this position are the following:
Researches and communicates vulnerabilities across multiple operating systems and software packages, and investigates vulnerability telemetry received from multiple VM platforms.
Performs and controls vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and Hands on operational experience with vulnerability management tools including the ability to deploy, configure, and run these tools.
Works with cross platform technology teams to identify ownership for various technologies, and educate partners on the cyber security aspects of lifecycle management, and define, refine, and operationalize agent-based and scanning-based vulnerability management deployments, optimizing both architectures in a risk balanced approach for Vulnerability Management.
Partners with various internal stakeholders including IT Engineering and Infrastructure teams, Development, and other relevant teams in Cybersecurity to conduct holistic response management on identified vulnerabilities and the remediation efforts, develops the integration and automation strategy around multiple VM toolsets, and ability to evaluate vulnerability management tools and assist with vendor selection.
Operationalizes processes and functions to empower partner teams to own and manage their platforms, working within pre-defined SLAs to ensure that critical vulnerabilities are defined and that remediation paths are understood and executed on, and participate in a team of talented engineers and analysts to a continuous improvement of end-point Threat Vulnerability Management (tvm) telemetry.
Defines and reports program roadmap, status, development issues and success metrics, and monitors progress, manages risk, ensures key stakeholders are kept informed about progress and expected outcomes, and ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
Stays abreast of current business and industry trends relevant to the client's business and cybersecurity, and works with engagement teams to own distinct portions of vulnerability management solutions tailored to client environments.
Minimum Education and Experience:
Bachelor's degree in the field of Computer Science, Information Systems, Engineering, Business or related field and a minimum of five (5) years of related work experience; or a master's degree and three (3) years of related work experience.
Required Knowledge, Skills, and Abilities:
Familiarity with security and risk standards including PCIDSS, NIST, ITIL, COBIT.
Hands on operational experience with vulnerability management tools, including the ability to architect, deploy, configure, and operate.
Understanding of various operating systems (Windows, Linux, MacOS etc.); cloud concepts (secure build images, ephemeral workloads, cloud patching etc.); knowledge of networking fundamentals.
Deep expertise in writing and running queries to prepare metrics reports and dashboards.
Good understanding of scanning tool APIs to architect integrations with other tools.
Ability to report issues clearly and succinctly and adapt communication styles to demonstrate vulnerability severity to client technical stakeholders and leadership.
Knowledge of general cybersecurity concepts and methods including, but not limited to secure configuration management, data protection and privacy, security monitoring, incident response, governance, risk and compliance, patch management, enterprise security strategies and architecture.
Ability to assist in the project management of cybersecurity projects including development of project charters, project plans and status updates.
Strong written and verbal communication skills with demonstrated ability to interact with senior management, technical SMEs, business partners and influence decisions.
Ability to examine issues both strategically and analytically.
Relevant certifications such as CISSP, GSEC (or other SANS certifications), CEH, Security+, ITIL.
One (1) years of experience with EDR, workflow and playbook development, and containment and remediation capabilities native to standard EDR platforms.
Physical Demands and Work Environment:
Ability to travel to different campus sites.
Ability to lift up to 20 lbs. (promotional materials and/or small equipment).
Sit or stand at computer to work on various projects for hours at a time.
Posting Number: 22ST2131
Location: Rutgers University - New Brunswick
Internal Number: 168519
About Rutgers University
Rutgers, The State University of New Jersey, is a leading national public research university and the state's preeminent, comprehensive public institution of higher education. Rutgers is dedicated to teaching that meets the highest standards of excellence; to conducting research that breaks new ground; and to turning knowledge into solutions for local, national, and global communities. As it was at our founding in 1766, the heart of our mission is preparing students to become productive members of society and good citizens of the world. Rutgers teaches across the full educational spectrum: preschool to precollege; undergraduate to graduate and postdoctoral; and continuing education for professional and personal advancement. Rutgers is New Jersey's land-grant institution and one of the nation's foremost research universities, and as such, we educate, make discoveries, serve as an engine of economic growth, and generate ideas for improving people's lives.