Cyber Security Vulnerability Analyst

The ideal candidate will have strong data analysis skills and be capable of utilizing, MS Access, Excel and SQL to perform said analysis. The candidate will also have a basic understanding of the NIST family of security controls and basic principles of system cyber security.

The Information Security Analyst will be part of a team supporting penetration testing activities and documentation work. The Information Security Analyst will be responsible for a variety of tasks including but not limited to:

Assisting in the maintenance of a vulnerability management process,

Penetration testing and audit readiness testing,

Vulnerability Management & Patching,

Generating Vulnerability Management & Patching reports with all relevant actions and information,

Assisting in the management of InfoSec Programs,

Analyzing vulnerabilities, and other findings,

Providing administrative support,

Researching and authoring policies and procedural documents, and

Participating in peer review of deliverables.

The Information Security Analyst will primarily need Knowledge in tools like Nessus and Nexpose and Burp Suite and Kali Linux other network and application scanning tools and other security assessment tools, audit tools, and vulnerability scan tools. The analyst will work closely with team members, managers, system owners, information security officers and other customers.

Additionally, the Information Security Analyst will assist in supporting other security program functions such as audit efforts, quality control, continuous monitoring, risk management and responding to ad hoc data calls. The ideal candidate will possess a solid technical and writing background with a desire to learn and be involved in the establishing and maturing an Agency-wide information security program.

Qualifications

Basic Qualifications:

One or more years’ working experience in a technology environment with exposure to information security principles.
Working knowledge of common IT and security concepts with emphasis on TCP/IP network security, operating system security, modern attack and exploitation techniques, cyber incident response, malware analysis, computer forensics and the tools that support these processes.
Ability to analyze solutions using deductive reasoning and critical thinking to solve problems in straightforward situations.
Demonstrated teamwork and collaboration skills.
Strong time management skills and ability to manage competing priorities effectively.
Effective verbal and written communication skills for the purpose of providing detailed information about event timelines, technical designs, system concepts and business impact.
Ability to obtain requisite technical certification(s) within six months of hire.

Desired/But Not Required Tool Experience

Tenable Nessus Vulnerability Scanner
Nexpose Vulnerability Scanner
Burp Suite Vulnerability Scanner
Kali Linux and tools
Security Content Automation Protocol (SCAP)
Symantec Endpoint
Demonstrate skillsets and experience in addressing vulnerabilities in : Microsoft Windows Client/SQL/Server, RedHat, SSL, VMWare, SSH, SNMP
Other network and application scanning tools.

Preferred Qualifications:

Experience working with National Institute of Standards and Technology (NIST) guidelines.
Experience applying, analyzing and assessing information systems and security controls (NIST SP 800-53, Rev 4).
Understanding of attack vectors and methodologies.
Knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).
Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools.
Interest in learning the concepts of business development and capturing new business
SANS, Security+, CASP or equivalent security certification
Experience with vulnerability management, patch management and configuration management best practices.

Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national originTo review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf