InfoSec Vulnerability Metrics & Data Analyst

Experian
Summary
Join Experian as an InfoSec Vulnerability Metrics & Data Analyst and contribute to the organization's security strategy and vulnerability management practices. You will create and maintain regional and global reports for Cloud and Application Attack Surface Management, integrating a threat-informed approach. This role involves developing vulnerability management metrics, defining requirements for vulnerability metrics, creating advanced reporting and dashboards, and communicating metrics to stakeholders. You will also automate vulnerability metrics, determine requirements for technical solutions, develop KPIs, and review business requests for new reporting. The position requires collaboration with various teams to identify risk-based metrics and develop procedures for the metrics and reporting framework. You will produce scoping documents and provide data-driven recommendations.
Requirements
- Bachelor's degree in Computer Science or a related field, or 5+ years of equivalent work experience in Cyber Security/Information Security and Vulnerability Management reporting
- Experience with tools such as SQL, Tableau, PowerBI, and Excel
- Experience in ServiceNow query and report development
- Experienced with collaboration tools such as ServiceNow and Confluence
- Understanding of the end-to-end security metrics process, including metrics collection, tracking, and reporting
- Understanding of Common Vulnerability Scoring System (CVSS), including calculations and implications of base, temporal, and environmental scoring factors
- Experience collecting, analyzing, and interpreting qualitative and quantitative data from several sources to detail results and analyze findings to provide threat intelligence
- Familiarity with architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7, and ServiceNow
- Knowledge of major cloud platforms (AWS, Azure, or GCP)
- A broad understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
Responsibilities
- Guide the development of vulnerability management metrics, gathering feedback and sharing metrics with senior leaders
- Evaluate and define functional requirements for vulnerabilities, flaws, and misconfiguration metrics
- Develop, maintain, and run advanced reporting, dashboard, and scorecard results
- Communicate metrics to system owners and partners on outstanding vulnerabilities, issues, and concerns
- Develop and automate vulnerability metrics with specific procedures for data collection, analysis, and charting, partnering with necessary teams
- Determine requirements for technical solutions and tools to implement Vulnerability Metrics
- Develop vulnerability KPIs and metrics to demonstrate coverage and remediation effectiveness
- Develop program efficacy metrics to support platform stability and improvements
- Review business and internal requests for new or vulnerability management reporting, design the solution, and develop metrics
- Work with stakeholders to identify risk-based vulnerability management metrics that align with the security program and security risk management
- Develop procedures to structure the metrics and reporting framework as part of a long-term strategy
- Produce scoping documents outlining the requirements for business requests
- Provide recommendations based on data analysis and findings related to vulnerability management processes
- Aggregate vulnerability data across technologies such as endpoints, servers, network equipment, and cloud, and interpret and present risk
Benefits
- Great compensation package and bonus plan
- Core benefits including medical, dental, vision, and matching 401K
- Flexible work environment, ability to work remotely, hybrid, or in-office
- Flexible time off including volunteer time off, vacation, sick, and 12 paid holidays