Overview


Título del trabajo: Security Vulnerability Metrics & Data Analyst

Compañía: BMA Group

Descripción de funciones: **Job Title**:**Security Vulnerability Metrics & Data Analyst****Job Category**:Professional**Department/Group**:**Attack Surface Management****Position Type**:Full time**Location**:Remote, Costa Rica**Reports to**:Director Attack Surface ManagementSecurity Vulnerability Metrics & Data AnalystDescriptionThis role will establish and maintain regional and global reports in support of the Cloud and Application Attack Surface Management scope, embrace and integrate a threat-informed approach, and perform regular analytical reviews for the purpose of enhancing Experian’s Cloud and Application Attack Surface Management with intelligent, prioritized, and actionable transparency.Functions- This is an independent role, responsible for driving the development of vulnerabilitymanagement metrics, gathering feedback from senior leaders in the organization, and beingable to articulate metrics to senior leaders- Evaluate and define functional requirements for vulnerabilities, flaws and misconfigurationsmetrics- Understand the end-to-end Cloud and Attack Surface Management metrics processincluding metrics collection, tracking and reporting.- Develop, maintain, and run advance reporting, dashboards, scorecard and analytical results- Communicate metrics to system owners and business partners on outstandingvulnerabilities, issues, and concerns.- Develop and automate vulnerability metrics with specific procedures for data collection,analysis and charting, partnering with necessary teams as appropriate.- Determines requirements for technical solutions and tools to effectively implementVulnerability Metrics- Maps metrics back to strategic objectives for providing insight into the effectiveness andefficiency of Cloud and Attack Surface Management- Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness- Develops program efficacy metrics to support platform stability and improvements.- Review business and internal requests for new or vulnerability management reporting,design the solution and develop metrics.- Work with stakeholders to identify risk-based vulnerability management metrics that align with the security program and security risk management.- Develop procedures to structure the metrics and reporting framework as part of a long-term strategy.- Produce timely scoping documents outlining the requirements for business requests.- Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting.- Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.Position RequirementsFormal Education & Certification- Four-year college diploma or university degree in computer science or computerengineering, and/or 5 years equivalent work experience.Knowledge & Experience- 5+ related experience in Cyber Security/Information Security and VulnerabilityManagement reporting.- Experienced in tools like SQL, Tableau, MS Excel etc.- Experienced with collaboration tools such as JIRA, ServiceNow, Confluence etc.- Understanding of end-to-end security metrics process including metrics collection,tracking and reporting, including ownership and responsibilities for each activity.- Understanding of Common Vulnerability Scoring System (CVSS), including calculations.and implications of base, temporal, and environmental scoring factors.- Experience with collecting, analyzing, and interpreting qualitative and quantitative datafrom various sources for the purposes of detailing results and analyzing findings toprovide sophisticated threat intelligence.- Familiarity with architecture, engineering, and operations of one or more vulnerabilitymanagement tools, such as Wiz, Qualys, Rapid7 and ServiceNow.- Ability to provide creative solutions to complex problems.- Ability to clearly communicate risk of vulnerabilities to all levels within an organization.- Knowledge of major cloud platforms (AWS, Azure, or GCP).- Ability to manage, organize, analyze, and present substantial amounts of data- Experience with large scale and complex environments.- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies.- Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls.- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner.Personal Attributes- Excellent interpersonal skills and strong verbal and written communication.- Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the business.- Outstanding writing and documentation skills.- Strong organizational skills with proven ability to manage mu

Ubicación: Heredia

Fecha del trabajo: Tue, 28 May 2024 22:41:43 GMT