Server Vulnerability Management Risk Specialist
The Sr. Server Vulnerability Management Risk Specialist will provide outreach across all of technology to serve as a Vulnerability Management subject matter expert, coordinating Infrastructure Vulnerability Management (VM) efforts with internal customers and service providers, improving VM processes and procedures, and driving compliance efforts.
Responsibilities
- Serve as a coordination point across all of technology to coordinate Vulnerability Management (VM) efforts with internal customers and service providers.
- Provide Infrastructure Vulnerability Management guidance, coordination, processes, grouping, workflows, exception handling, VM remediation processes, tracking, and reporting.
- Coordinate with Business groups, Server owners, Information Security, and other internal teams to remediate infrastructure vulnerabilities and help drive currency efforts for systems nearing the end of their lifecycle.
- Provide situation-based support, using information security policies and compliance standards, to ensure identified vulnerabilities are remediated and updates are installed in an appropriate and timely manner.
- Investigate vulnerability findings present within the enterprise and coordinate remediation efforts in collaboration with server owners and other subject matter experts.
- Coordinate scheduling of servers for installation of patches, software, and other compliance standards in accordance with established policies.
- Validate VM Change requests for accuracy and completeness and drive timely Critical Vulnerability remediation efforts.
- Pull data and build reports for Vulnerability Response and Configuration Compliance.
- Provide status reports to leadership related to VM metrics, key risk indicators, trending risks, and compliance.
- Ensure vendors follow established procedures and SLAs in accordance with contractual obligations in the execution and proper documentation of Vulnerability Management activities.
- Coordinate with Third Party Vendors, Business Groups, and individual server owners to maintain compliance posture as it relates to Infrastructure Vulnerability management.
- Leverage the defined set of controls, baselines, and benchmarks for internal and external servers.
- Assist with implementation of the ServiceNow Vulnerability Response and Configuration Compliance modules.
- Collaborate with teams to improve success rates on VM activities, drive infrastructure currency efforts for end-of-life systems, and assist with ServiceNow CMDB quality improvements.
- Initiate automation projects to minimize manual processes in operations.
Qualifications
- 5+ years’ experience in IT Systems Administration, Vulnerability Management, Server Configuration compliance.
- 3-5+ years in Server Vulnerability Management and Server Configuration Compliance – NVD, CVSS, CVE, MITRE CWE, CIS Benchmarks, Server Controls baselines, standards, and controls.
- Experience managing IT vulnerability management processes, remediation, and infrastructure server patching guidance.
- Experience with Vulnerability tools: Qualys, BigFix, and/or ServiceNow Vulnerability module.
- Good collaboration and communication skills to influence remediation with server owners – Vulnerability risk scoring, prioritization, and remediation tracking.
- Strong data analysis skills to analyze vulnerability data and publish metrics.
- Bachelor’s degree from an accredited college/university or equivalent professional experience.
- CISSP, CISM, CRISC Security/Risk Certifications or similar – preferred.
- Nice to have: Exposure to ServiceNow Modules – Vulnerability Remediation (VR) OR Configuration Compliance (CC).
LOGISTICS:
- Remote work in Denver, CO or Atlanta, GA (candidate must be in one of those locations; no relocation provided).
- COVID-19 Vaccine Required – Must be fully vaccinated OR provide valid medical or religious exemption.
- Must be able to successfully pass a 12-panel drug screen, 10-year background check, and employment verification.
- You will need to be a current US Citizen or valid Green Card holder, with no need for a visa now or in the future.
- W2 only – No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone/email) to be considered.