Responsible for providing security remediation-related services and support to meet the latest compliance and organizational patch governance requirements. The analyst requires deep analytical thinking based on research results to assess software patches, registry updates and other configuration changes required to harden systems and remediate known security vulnerabilities.
The analyst will provide compliance reporting and analysis, assessments including conducting security, system, and business impact analysis. The candidate must understand the implications and impacts on operations of remediation techniques. Must analyze, foresee and communicate the side effects of the patch and/or remediation changes. Analyst must quantify the risks and opportunities (for better security) when patches/fixes are applied in production environment.
ESSENTIAL FUNCTIONS:• Review daily results from our vulnerability scanner, identify vulnerabilities and exposures.• Utilize data collected in analysis tool to rank, identify severity level and plan short- and long-term remediation and proactive countermeasures and controls.• Remediate computer security vulnerabilities in diverse, IT ecosystem comprised of Windows/Linux Servers, client workstations/laptops/mobile devices, applications, storage and network systems, HP/Dell/Cisco/Palo Alto and other hardware types. Examples include patching, changing registry values, working with the firewall team, network experts, SCCM SME, Helpdesk, Group Policy Managers and business users.• Research capabilities with intellectual curiosity and critical thinking to determine best ways to prioritize and remediate vulnerabilities with no impact on production environment.• Continuously improve remediation processes via automation for maximum efficiency and reliability.• Communicate compliance and operational metrics.• Create deployment patch packages using SCCM and WSUS.• Work with product vendors to develop suitable patch recommendations without risking service availability.• Document operational standards and procedures using agency’s KB wiki.• Assist in developing technical expertise with less experienced staff members.
COMPETENCIES:• Information Security.• Computer and network system administration in a medium-large environment.• Excellent communication skills.• Problem Solving/Analytical/Critical Thinking.• Customer Service Focus.• Time Management.• Strong organizational skills.• IT Service Management Concepts and Disciplines.