Threat and Vulnerability Management Analyst

Threat and Vulnerability Management | Hybrid--Contract-to-HireManager would like 2 stronger with Windows and 1 stronger with LinuxIndianapolis, IN, USARemote: onsite 3 days a weekLength: 6 month to hireHours: 8-5Background: yesDrug Screen: yesAdditional Info from manager (MUST HAVES vs. NICE TO HAVES)Go through tickets in servicenow and resolve or assign to the appropriate team that deals with the specific application (70% they will be able to resolve)Would like 2 stronger in Windows and 1 stronger in LinuxNo on callQualys is the scanning tool3-5 yrs expPosition: Associate, Threat & Vulnerability ManagementJob Description:Job Overview: We are seeking a skilled Vulnerability Management Analyst with a minimum of 3 years of experience in vulnerability assessment, server OS patch management, and remediation of End of Life/End of Service (EOL/EOS) software on servers and an overall 5 years of experience in IT. The ideal candidate will have a strong background in identifying, assessing, and mitigating security vulnerabilities, as well as experience in managing and applying server OS patches across a variety of environments. Key Responsibilities:Vulnerability Management:Conduct regular vulnerability assessments across all IT assets using industry-standard tools.Analyze and prioritize vulnerabilities based on risk, impact, and exploitability.Collaborate with various teams to remediate identified vulnerabilities promptly.Server OS Patching:Manage and oversee the patching process for Windows Server 2016/2019/2022 and Redhat Linux 7/8/9 operating systems, ensuring that all systems are up-to-date with the latest security patches.Develop and implement patch management strategies, ensuring minimal disruption to business operations.Track and report on patch compliance across the organization.End of Life/End of Service (EOL/EOS) Software Remediation:Identify and track software that is approaching or has reached the end of service life.Coordinate with application owners and IT teams to plan and execute the upgrade or replacement of EOL/EOS software.Ensure that all EOL/EOS software is either decommissioned or upgraded to supported versions to maintain security compliance.Security Monitoring & Incident Response:Monitor security alerts and incidents related to vulnerabilities and patch management.Assist in the investigation and response to security incidents that involve unpatched systems or EOL/EOS software.Provide recommendations for improving security posture and reducing vulnerability exposure.Documentation & Reporting:Maintain accurate and detailed documentation of vulnerability assessments, patch management activities, and EOL /EOS software remediation efforts.Generate reports for management, highlighting the status of vulnerabilities, patching, and EOL/EOS software.Contribute to the development of security policies and procedures related to vulnerability management.Qualifications:Education:Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are a plus.Experience:Minimum of 3 years of experience in vulnerability management, server OS patching, and software lifecycle management.Experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).Strong understanding of operating systems (Windows, Linux) and their respective patching processes.Familiarity with ITIL processes and change management.Skills:Strong analytical and problem-solving skills.Excellent communication skills, with the ability to explain technical concepts to non-technical stakeholders.Detail-oriented with a focus on accuracy and compliance.Ability to work independently and as part of a team in a fast-paced environment.