Yale University

Receive alerts when this company posts new jobs.

Similar Jobs

Job Details

Vulnerability Management Analyst

at Yale University

Posted: 9/24/2019
Job Reference #: 1388866
Keywords: operations

Job Description

STARS Requisition number
57545BR

Posting Position Title
Vulnerability Management Analyst

Essential Duties
1. Develop, implement and maintain the processes and capabilities of a risk driven vulnerability management and security testing program that meets the University's evolving requirements.2. Deploy and operate open source and commercial vulnerability assessment and management tools.3. Provide vulnerability assessment, reporting and remediation.4. Provide threat and vulnerability monitoring and identification.5. Provide support for related security functions, including security design reviews, event correlation, firewall management, risk and compliance, incident response, ediscovery and forensics.

Required Education and Experience
1. Bachelor’s Degree in a related field and two years of related experience or the equivalent combination of education and experience.2. Experience using vulnerability scanning tools such as Tenable, Qualys, Rapid7.3. Experience with vulnerability management and security testing for cloud services.

Weekend Hours Required?
Occasional

Evening Hours Required?
Occasional

Duration Type
Regular

Work Week
Standard (M-F equal number of hours per day)

University Job Title
Vulnerability Management Analyst

Worksite Address
150 Munson Street
New Haven, CT 06511

Work Location
Central Campus

Drug Screen
No

Health Screening
No

Original Posting Date
06-Sep-2019

Background Check Requirements
All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check. Please visit www.yale.edu/hronline/careers/screening/faqs.html for additional information on the background check requirements and process.

Searchable Job Family
Computing and Information Systems

Total # of hours to be worked:
37.5

Position Focus:
The Vulnerability Management Analyst is responsible for providing risk-based vulnerability management to the University as a member of the security operations team. This position provides vulnerability scanning, assessment, reporting and remediation recommendations using dedicated vulnerability management tools. In addition, this position uses data collected from general security tools such as IDS, firewalls, and network traffic monitoring to analyze events and risks to the University's assets. Lastly, this position’s responsibilities include developing, implementing and maintaining the processes and capabilities of a risk driven vulnerability management and security testing program that meets the University's evolving requirements.
 
Yale University’s Information Security Office (ISO) coordinates the institution’s response to cyber security risk, enabling Yale’s mission of research, teaching, preservation of knowledge and clinical care. The ISO performs a range of security functions as part of this coordination mission, such as intrusion and vulnerability detection, incident response, policy development, training and awareness, risk assessment, information system classification and analysis, enterprise identity and access management services, regulatory and compliance attestation, disaster recovery coordination, third-party risk management, and security consulting.

We are looking for curious, security-minded people who are interested in joining a team of security professionals. Ideal team members bring with them a collaborative approach, creative thinking, and their own unique blend of skills and experience to help drive the execution of the long-term security strategy.
 
Core Skills

• Knowledge of network security architecture, understanding of the TCP/IP protocol.
• Knowledge of system and application security threats and vulnerabilities.
• Solid understanding of application security resources provided by OWASP.
• Demonstrated ability to manipulate data using scripting languages such as Shell, Python, Perl, PowerShell. Ability to data model.Exposure to tools such as Splunk, Kibana, SIEM or SQL.
• Familiarity with attacker tactics, techniques and procedures.
• Knowledge of security frameworks such as Mitre Att&ck, NIST CSF.
• Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment and security metrics.
• Strong understanding of Threat Intelligence and Threat Profiling.
• ?Demonstrated ability to develop and document complex procedures.


Preferred Education, Experience and Skills:
Demonstrated experience with log analysis and correlation tools and techniques; demonstrated experience with intrusion detection technologies; experience as a Linux or Windows System Administrator; experience as a software developer.

Posting Disclaimer
The intent of this job description is to provide a representative summary of the essential functions that will be required of the position and should not be construed as a declaration of specific duties and responsibilities of the particular position. Employees will be assigned specific job-related duties through their hiring departments.

Affirmative Action Statement:
Yale University considers applicants for employment without regard to, and does not discriminate on the basis of, an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Yale discriminate on the basis of sexual orientation or gender identity or expression. Title IX of the Education Amendments of 1972 protects people from sex discrimination in educational programs and activities at institutions that receive federal financial assistance. Questions regarding Title IX may be referred to the University’s Title IX Coordinator, at TitleIX@yale.edu, or to the U.S. Department of Education, Office for Civil Rights, 8th Floor, Five Post Office Square, Boston MA 02109-3921. Telephone: 617.289.0111, Fax: 617.289.0150, TDD: 800.877.8339, or Email: ocr.boston@ed.gov.

Compensation Grade
Administration & Operations

Compensation Grade Profile
Supervisor; Senior Associate (P5)

Bargaining Unit
None - Not included in the union (Yale Union Group)

Supervisory Organization
Information Security, Policy & Compliance - Security Operations

Time Type
Full time

Required Skill/Ability 1:
Demonstrated experience with vulnerability management and security testing methodologies and practices.

Required Skill/Ability 2:
Demonstrated experience with system, application and database hardening techniques and practice.

Required Skill/Ability 3:
Demonstrated experience with web application security evaluation and remediation.

Required Skill/Ability 4:
Proven ability to perform technical and non-technical risk and vulnerability assessments.

Note
Yale University is a tobacco-free campus