Vulnerability Data Analyst

Summary

Join NBCUniversal's Vulnerability Management Team as a Vulnerability Data Analyst and contribute to the transformation of our cyber defense program. This remote position, preferably based on the East Coast or Central time zone, requires you to think like an adversary, identifying and assessing vulnerabilities across our IT ecosystem. You will monitor customer requests, manage tickets, configure scans, and provide reports. The role involves researching vulnerabilities, assessing risks, designing remediation plans, and collaborating with stakeholders. This position offers competitive compensation and a comprehensive benefits package.

Requirements

• 3+ years of experience in either vulnerability management or related information security field
• 1+ years of operational experience with the Qualys Vulnerability Scanning Application
• Experience in threat and vulnerability management, security operations
• Familiar with industry-standard security best practices and vulnerability management processes including compliance reporting
• Advanced experience with vulnerability scanning tools (Qualys preferred) and other vulnerability management tools
• Demonstrate knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers)
• Demonstrate an understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, and routing protocols)
• Experience developing and improving KPIs, metrics, and trending for vulnerability management functions
• Understanding of how applications, networking, operating systems, and databases work

Responsibilities

• Support the Vulnerability Management Team at NBC Universal within the Operations Group
• Monitor VM mailbox for customer requests
• Use the Jira Ticketing tool to create tickets for all customer requests and track work in this tool
• Configure VM scans based on customer requirements and VM procedures
• Provide scan reports
• Configure and execute validation scans
• Research vulnerabilities in software, firmware, and devices, and modern exploits and exploitation techniques in the following areas: Microsoft platform (Server, workstation, applications), Open Systems platforms (Linux, UNIX, VM Ware ESX), Java, Adobe, Web Application, Java web app virtualization platforms (e.g. WebSphere), Networking, Databases (Oracle, SQL Server, DB2, IMS), and others
• Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood, and impact
• Assists in designing correction plans, mitigations, and full remediation actions
• Understand and communicate attack chains to management and other stakeholders
• Collaborate with infrastructure and application owners on security hotfixes or patch management validation
• Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company
• Support the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management
• Coordinate with stakeholders to develop requirements for service enhancements

Preferred Qualifications

• Python/Scripting knowledge and/or ability to run API scripting
• Intellectual capability and curiosity to learn complex processes
• Highly collaborative; personally, and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards
• Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual, and operational orientation
• Experience advising on technical-related issues
• Passion for and interest in the media and entertainment industry highly desired
• Flexible, organized, and passionate about advanced cybersecurity
• Great interpersonal skills and love for a team environment

Benefits

Company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks