Vulnerability Assessment Analyst

Posted on February 18, 2025

Location

Hybrid
Analyst

Position Details

Full-Time

Job Summary

Beacon Technologies is seeking a Vulnerability Assessment Analyst for our client partner. This position will lead meetings every 2 weeks with data, infrastructure and desktop teams and participate in monthly meetings with IT leadership. In the first 90 days one task will be to make sure the current data in the dashboards is accurate. This position is hybrid, preferably within our client's service area but NOT in CA or NY. Prefer experience with HIPAA framework or other type of framework where vulnerabilities are flagged. Medium level coding in Python or PowerShell is also preferred. Other tools used are Qualys and/or Nessus as well as Burp Suite and Git Hub Security Suite. The person in this role may evaluate current tools and recommend changes/improvements. Team includes a lead Security Analyst who will work closely with the person in this position. Experience with vulnerability assessment tools and good communication skills.

  • Facilitates the timely identification, assessment, and mitigation of system vulnerabilities across the organization.
  • Constantly improves the Vulnerability Management program by refining processes, procedures, metrics, and tools to enhance overall program effectiveness.
  • Collaborates with cross functional teams, stakeholders, and system owners to ensure vulnerabilities are addressed efficiently, contributing to a reduction in the organization's vulnerability footprint.
  • Additionally, the role involves updating and maintaining dashboards to effectively visualize complex data, track trends, and provide insights into the status of the vulnerability management program, helping to guide decision-making and inform security priorities.
  • Influence system owners, application owners, and operations support teams to understand vulnerability impact and implement expedient mitigations. 40%
  • Collaborate closely with system and application owners to clearly communicate the business and technical impact of identified vulnerabilities.
  • Provide guidance on best practices and assist in prioritizing remediation actions based on risk levels.
  • Offer expertise and support to ensure timely resolution of vulnerabilities and maintain an effective, continuous improvement cycle.
  • Act as a liaison between security teams and functional teams to foster alignment and urgency in addressing vulnerabilities.
  • Discern accuracy of reported vulnerability dispositions and when appropriate reprioritize criticality, remove false positives, and work to address root causes of misaligned dispositions. 30%
  • Review vulnerability reports to assess the accuracy and validity of findings, focusing on ensuring correct categorization and severity.
  • Identify and eliminate false positives through thorough verification and correlation with other data sources.
  • Reassess the criticality of vulnerabilities and work with stakeholders to reclassify or reprioritize based on evolving business needs.
  • Identify patterns or systemic issues in vulnerability reporting and collaborate with teams to resolve underlying causes of misclassifications or misalignments.
  • Identify and resolve gaps related to our vulnerability reporting toolset and overall program processes. 10%
  • Evaluate and assess the effectiveness of current vulnerability management tools and reporting frameworks.
  • Identify areas for improvement, including gaps in automation, integration, and data accuracy.
  • Collaborate with cross-functional teams to streamline reporting processes, ensuring vulnerabilities are properly tracked, assessed, and mitigated.
  • Provide recommendations for new tools or enhancements to existing systems to improve vulnerability detection and management.
  • Assist with identifying code vulnerabilities in partnership with development.
  • Collaborate with the development team to identify and address vulnerabilities within code, such as insecure coding practices or logic flaws.
  • Assist in integrating secure coding practices into the development lifecycle through ongoing training and mentorship.
  • Support the integration of automated static and dynamic analysis tools to improve the identification of code vulnerabilities early in the development process.
  • Perform web application security assessments. 10%
  • Conduct security assessments of web applications to identify vulnerabilities such as cross-site scripting (XSS), SQL injection, and other OWASP Top 10 risks.
  • Analyze application security configurations and identify potential flaws in authentication, authorization, session management, and data handling.
  • Provide recommendations and collaborate with developers to remediate web application security issues, ensuring secure deployment in production environments.
  • Identify remediation options from 3rd party pen test results. 5%
  • Review findings from third-party penetration tests to identify actionable remediation steps.
  • Prioritize recommendations based on risk, criticality, and business context to ensure efficient and impactful resolution.
  • Work with technical teams to implement the appropriate fixes and mitigation strategies based on pen test outcomes.
  • Any actions to help drive or enable our client: 5%
  • Vision, Mission, Values, Culture, DEI & Belonging, Engagement, Employee Resource Groups (ERGs), and Learning & Development or any activity that foster employee well-being and connection.

Qualifications:

  • Required Education: Bachelor's degree in Computer Science, Information Security, Technical, Education, Engineering, Information Technology, Cyber Security, Information Systems, Web Development or Technology, or Associate's degree in Computer Science, Information Security, Technical, Education, Engineering, Information Technology, Cyber Security, Information Systems, Web Development or Technology, or High school equivalency.

Required Experience:

  • With bachelor's degree, two (2) years remediation of vulnerabilities experience, or with associate's degree, five (5) years remediation of vulnerabilities experience, or with high school equivalency, eight (8) years remediation of vulnerabilities experience.
  • Experience with common penetration testing and vulnerability assessment tools such as nmap, wireshark, Nessus, Metasploit, AppScan, Web Inspect, or Burp Suite. Experience using network vulnerability scanning toolsets such as Qualys, Nessus, etc.

Preferred Experience:

  • Vulnerability Management Principles: In-depth understanding of vulnerability management frameworks, methodologies, and best practices, including risk-based prioritization and mitigation strategies. Cybersecurity Frameworks & Standards: Familiarity with industry-standard frameworks such as NIST, ISO 27001/27002, HIPAA, and PCI-DSS, particularly as they apply to health insurance organizations and the protection of sensitive data.
  • Security Tools and Technologies: Knowledge of vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7), penetration testing tools, web application security scanners, and SIEM (Security Information and Event Management) systems.
  • Healthcare Compliance Requirements: Understanding of health industry-specific compliance requirements, including HIPAA, HITECH, and other regulations governing the privacy and security of health-related information.
  • Common Security Threats and Vulnerabilities: Knowledge of the latest security vulnerabilities (e.g., OWASP Top 10, CVEs), attack vectors, and how they can affect health insurance systems and applications.
  • Network Security and Web Application Security: Familiarity with common security protocols (e.g., SSL/TLS, encryption, multi-factor authentication) and web application vulnerabilities (e.g., SQL injection, cross-site scripting, etc.).
  • Incident Response: Knowledge of incident response procedures and understanding the role vulnerability management plays in detecting and mitigating potential security incidents.
  • Skills Vulnerability Assessment and Remediation: Proficient in conducting vulnerability assessments, determining the criticality of vulnerabilities, and developing effective remediation plans.
  • Data Analysis & Reporting: Ability to analyze complex data sets and use visualization tools (e.g., Power BI, Tableau) to create dashboards that track vulnerability management progress and trends.
  • Problem-Solving: Strong analytical and troubleshooting skills to identify the root causes of vulnerabilities and propose effective solutions.
  • Collaboration and Communication: Excellent interpersonal skills to work with cross-functional teams, stakeholders, and system owners, including the ability to translate technical vulnerability information into clear business risks and remediation actions.
  • Penetration Testing: Skills in performing basic to intermediate penetration testing or interpreting the results of penetration tests to identify actionable remediation steps.
  • Code Review and Secure Coding Practices: Ability to assess code for vulnerabilities in collaboration with development teams, and knowledge of secure coding practices to prevent future issues.
  • Abilities Risk Assessment and Prioritization: Ability to assess risk associated with vulnerabilities, prioritize remediation efforts based on business impact, and make informed decisions about vulnerability management.
  • Cross-functional Collaboration: Ability to work effectively with system owners, application owners, developers, and security operations teams to drive vulnerability remediation.
  • Continuous Improvement: Ability to identify gaps in the vulnerability management program and suggest process improvements, including toolset enhancements, metrics, and reporting.
  • Effective Communication: Ability to clearly communicate security issues, mitigation strategies, and the importance of vulnerability management to non-technical stakeholders, ensuring buy-in and timely resolution.
  • Adaptability in a Healthcare Environment: Ability to adapt vulnerability management strategies to the unique challenges and regulatory requirements of the health insurance industry.
  • Project Management: Ability to manage multiple remediation efforts simultaneously, ensuring that projects are completed on time and in alignment with organizational security goals.
  • Attention to Detail: Strong attention to detail to ensure accurate vulnerability assessments, reporting, and remediation actions.

Position Characteristics:

  • Managing Projects: Execute project tasks with proficiency, leveraging previous experience in project management. Collaborate with team members to achieve project goals and contribute insights from prior projects to enhance overall project efficiency.
  • Complexity: Works on projects of moderate scope and complexity; applies judgment within defined parameters.
  • Impact: Impacts quality of own work and the work of others on the team; works within guidelines and policies.
  • Authority: Manages own workload and occasionally provides informal guidance to colleagues with less experience. Receives general guidance; may receive more detailed instruction on new projects. Work reviewed for sound reasoning and accuracy.
  • Influence: Interacts across teams within own discipline/department to achieve area goals. Explains complex information to others in straightforward situations. Exchanges information on routine and non-routine matters.

Physical Effort and Working Conditions:

  • Manual Dexterity: Ability to operate computer and telephone.
  • Physical Effort: Ability to sit or stand for 8 hours per day; Occasionally lift up to 10 lbs.
  • Equipment Used: Computer and telephone.
  • Working Conditions: Traditional office environment; Required to work on a computer 5-7 hours per day.

 

About Beacon Technologies

Are you looking to advance your career in information technology? Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits including paying for health and dental premiums for salaried employees. In addition to providing interesting opportunities, Beacon Technologies provides that old fashioned, personal touch, so you feel like a part of the Beacon team.

Beacon Technologies, Inc. is an equal employment opportunity employer with a functioning Affirmative Action Plan. It is the policy of Beacon Technologies, Inc. to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, ethnicity, ancestry, disability, medical condition, military and veteran status, or any other characteristic protected by law. Beacon Technologies, Inc. prohibits any such discrimination or harassment.