InfoSec Analyst, Hardening

The Info Sec Analyst will work with the team to help approve the process to measure hardening compliance across various US-based entities. This person will support the team to understand hardening compliance gaps by setting up the initial configurations of the compliance measurement tool, creating new compliance measurement profiles and setting up the reports templates needed. The ideal person is very comfortable assisting the Security teams in consolidating the way/tool used to measure hardening compliance.

• Analyze potential impact to applications of implementation of web servers and databases hardening rules and triage potential false positive or false negative rules evaluations.
• Review and track implementation of hardening controls from the technical point of view.
• Engage with global VSS and/or global GRC teams in case adjustments to global guides are needed.
• Assess hardening compliance gaps identified by the hardening compliance scans and evaluate, rate and perform risk assessments on assets by creating new report templates.
• Prioritize remediation of gaps discovered along with remediation timeline(s) and work with associated teams to explain gaps and remediation steps as required.
• Create reports and provide analysis on gaps for technical teams and leadership.
• Provide CIOs guidance on application updates needed to solve application compatibility issues with hardening rules.
• Provide guidance to sysadmins on how to adjust settings to make IT assets more secure.
• Collaborate with upper management and technical teams to help create strategy and technical design to configure and install Policy Compliance Qualys module.
• Provide crucial insights into the most pressing issues and suggest how to prioritize security resources while monitoring for and detecting security events utilizing Qualys.
• Evaluate, rate and perform risk assessments on assets in addition to reviewing alerts escalated by end users and perform initial triage of incoming issues.
• Document, investigate and notify appropriate contact for security events and response while participating in the resolution of events, even after they are escalated.
• Monitor health alerts and downstream dependencies in addition to providing limited response to end users for low complexity security events and reviewing false positive with the various Security teams to tune and provide feedback to improve accuracy of the alerts.

• Bachelor’s Degree is required
• 2-3+ years’ experience of vulnerability management/hardening compliance is required
• 2+ years’ experience using Vulnerability Management & analysis tools (Qualys and Compliance module and/or Nessus)
• General network knowledge, TCP/IP, middleware, network equipment or firewalls/IPS
• Strong understanding of vulnerability scanning and reporting

• Bilingual in both English/Spanish (strong written & verbal skills) is a plus
• Previous experience as a Systems Admin hardening Windows/Linux systems is desired