Bestinfo Systems LLC
Threat and Vulnerability Management Analyst
Bestinfo Systems LLC, Indianapolis, IN, United States
- Threat and Vulnerability Management | Hybrid--Contract-to-Hire
- Manager would like 2 stronger with Windows and 1 stronger with Linux
- Indianapolis, IN, USA
- Remote: onsite 3 days a week
- Length: 6 month to hire
- Hours: 8-5
- Background: yes
- Drug Screen: yes
- Additional Info from manager (MUST HAVES vs. NICE TO HAVES)
- Go through tickets in servicenow and resolve or assign to the appropriate team that deals with the specific application (70% they will be able to resolve)
- Would like 2 stronger in Windows and 1 stronger in Linux
- No on call
- Qualys is the scanning tool
- 3-5 yrs exp
- Position: Associate, Threat & Vulnerability Management
- Job Description:
- Job Overview: We are seeking a skilled Vulnerability Management Analyst with a minimum of 3 years of experience in vulnerability assessment, server OS patch management, and remediation of End of Life/End of Service (EOL/EOS) software on servers and an overall 5 years of experience in IT. The ideal candidate will have a strong background in identifying, assessing, and mitigating security vulnerabilities, as well as experience in managing and applying server OS patches across a variety of environments. Key Responsibilities:
- Vulnerability Management:
- Conduct regular vulnerability assessments across all IT assets using industry-standard tools.
- Analyze and prioritize vulnerabilities based on risk, impact, and exploitability.
- Collaborate with various teams to remediate identified vulnerabilities promptly.
- Server OS Patching:
- Manage and oversee the patching process for Windows Server 2016/2019/2022 and Redhat Linux 7/8/9 operating systems, ensuring that all systems are up-to-date with the latest security patches.
- Develop and implement patch management strategies, ensuring minimal disruption to business operations.
- Track and report on patch compliance across the organization.
- End of Life/End of Service (EOL/EOS) Software Remediation:
- Identify and track software that is approaching or has reached the end of service life.
- Coordinate with application owners and IT teams to plan and execute the upgrade or replacement of EOL/EOS software.
- Ensure that all EOL/EOS software is either decommissioned or upgraded to supported versions to maintain security compliance.
- Security Monitoring & Incident Response:
- Monitor security alerts and incidents related to vulnerabilities and patch management.
- Assist in the investigation and response to security incidents that involve unpatched systems or EOL/EOS software.
- Provide recommendations for improving security posture and reducing vulnerability exposure.
- Documentation & Reporting:
- Maintain accurate and detailed documentation of vulnerability assessments, patch management activities, and EOL /EOS software remediation efforts.
- Generate reports for management, highlighting the status of vulnerabilities, patching, and EOL/EOS software.
- Contribute to the development of security policies and procedures related to vulnerability management.
- Qualifications:
- Education:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are a plus.
- Experience:
- Minimum of 3 years of experience in vulnerability management, server OS patching, and software lifecycle management.
- Experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
- Strong understanding of operating systems (Windows, Linux) and their respective patching processes.
- Familiarity with ITIL processes and change management.
- Skills:
- Strong analytical and problem-solving skills.
- Excellent communication skills, with the ability to explain technical concepts to non-technical stakeholders.
- Detail-oriented with a focus on accuracy and compliance.
- Ability to work independently and as part of a team in a fast-paced environment.