Vulnerability Management - Technology Assessment - Associate

Job Description

As a valued colleague on our team, you will assist in assessing systems and networks, and identifying deviations from acceptable configurations.

• Conduct platform or operating system vulnerability assessments for on-prem or Cloud assets.
• Investigate ownership of technologies associated with vulnerabilities for remediation.
• Track and manage vulnerabilities and secure configuration baseline findings from notification through to closure.
• Create and generate customized vulnerability and secure configuration baseline reports and dashboards as needed.
• Conduct secure configuration baseline scans such as based on Center of Internet Security (CIS) benchmarks for various technologies. Customize or create source scan files for vulnerability and secure configuration baseline scans.
• Streamline and/or automate existing processes as applicable.

Qualifications

Education Level Required

• Bachelor’s degree or Equivalent Education Level Preferred

Area of Study Preferred

• Computer Science or IT/IS Certifications Required (if any)

Certifications Preferred

• Industry certifications (e.g. Security+, CISSP) (preferred but not required)
• Cloud certifications (e.g. AWS Certified Cloud Practitioner) (preferred but not required)

• Experience performing security assessments in a corporate environment and have an awareness of public or private cloud infrastructure
• Experience managing the security vulnerability lifecycle from detection through notification and closure whether through the determination of false positive, risk acceptance, or remediation.
• Experience in assessing mitigating controls if timely remediation is not feasible.
• Experience in analyzing false positives and validating the effectiveness of patches applied.
• Experience utilizing vulnerability management tools
• Experience conducting secure configuration baseline scanning using at least Center of Internet Security (CIS) in a corporate environment
• Experience using APIs (bonus if it is with a scanning tool)
• Good understanding/use of a diverse range of technologies (such as operating system, third-party software, middleware, databases, network devices, databases etc.).
• Some exposure to scripting and automation
• Intermediate to strong knowledge of Windows as well as NIX operating systems.
• Intermediate to strong knowledge of Regex
• Excellent time management skills.
• Ability to work in a team environment
• Strong interpersonal, oral, and written communication skills
• Decision-making and problem-solving skills including the ability to clearly define and resolve issues
• Ability to work effectively and organize priorities independently
• Good organizational skills
• High-level critical thinking and detail analysis needed to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, secure configuration findings or threats.
• Excellent analytical and problem-solving skills
• Exemplary personal and professional integrity

• Any vulnerability scanning tool such as Tenable.sc (formerly Security Center), Nessus, Tenable.io, BeyondTrust, Qualys Guard, Inspector, PrismaCloud/Twistlock, etc.
• Tableau
• Microsoft Excel – at least intermediate level with the use of macros and comfortable using different formulae
• Jira Software

Additional Information

The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers.

REF3127M