Vulnerability Management Analyst 2

The Vulnerability Management Analyst provides technical guidance to IT stakeholders to ensure effective vulnerability identification and remediation activities, employing advanced techniques, tools, and workflows to continuously improve. Leads initiatives to identify and remediate security risks by executing and analyzing security scans, and communicating and assisting stakeholders. Leverage advanced tools and technologies to identify impacted systems, as well as create and optimize workflows, to enhance cyber capabilities and vulnerability response efficiency. Conduct in-depth analyses of multiple data sources. As part of the continuous improvement focus, actively contribute to developing innovative approaches and best practices in cybersecurity, concentrating on vulnerability management. Serve as a subject matter expert to ensure that vulnerabilities are effectively prioritized and mitigated. Partner with IT stakeholders to manage larger vulnerability efforts, further refining workflows, documentation, and strategies to foster ongoing progress in vulnerability defense. This role is expected to provide support during a major security incident.

Required Education:
Bachelor's Degree in Information Technology, Computer Science, or a related field.

Preferred Education:
Master's Degree in a related discipline

Required Experience:
3+ years in a dedicated cybersecurity role including a focus on vulnerability management, security operations, or a related field, or an equivalent combination of education and experience. and 3+ years Proven background in vulnerability management, including hands-on experience with vulnerability scanning tools, security tool administration, and platforms. Experience includes creating and maintaining documentation, writing searches in a logging platform or SIEM, and evaluating risk exception requests to determine if compensating controls have lowered risk to an acceptable level. Experience with automation tools using scripting, SOAR tools, or Splunk.

Preferred Experience:
5+ years Experience working in a large-scale information technology environment. Working knowledge of network and system diagnostic tools. Experience securing cloud computing environments. Experience with scripting, programming, or automation methods. Strong background with vulnerability and patch management tools and methodologies. and 3+ years Experience with Splunk SPL and Splunk Dashboard Studio, Internet of Things search engines (e.g. Censys, Shodan), scanning a large enterprise environment with enterprise and open source tools, Web Application, DAST, and SAST security tools.

Required Skills, Knowledge and Abilities:
• CompTIA Security+ • Strong verbal and written communication skills • Knowledge of types of vulnerabilities • Knowledge of core concepts in: ◦ Operating Systems ◦ Networking services, ports, and protocols ◦ Web applications (OWASP Top 10, HTTP methods, REST APIs) ◦ Infrastructure (e.g., VPN, NAT, Load Balancer, WAF, types of servers) • Knowledge of system administration (including troubleshooting) • Knowledge of vulnerability prioritization techniques • Knowledge of endpoint management/patch management tools • Knowledge of commonly abused services, misconfigurations, and vulnerabilities • Proven ability to conduct threat research based on emerging threats and/or vulnerabilities and hunt for impacted assets • Proven ability to onboard and scan new data sources • Knowledge of advanced security controls and information security best practices. • Familiarity with security & compliance frameworks such as CIS, NIST, ISO, and PCI-DS

Preferred Skills, Knowledge and Abilities:
• Knowledge of APIs, containers, cloud architecture, and application security principles • Awareness of Attack Surface Management techniques • Knowledge of common misconfigurations within cloud environments

In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $110,000.00 to USD $130,000.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as, market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.

NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.

NYU is an Equal Opportunity Employer and is committed to a policy of equal treatment and opportunity in every aspect of its recruitment and hiring process without regard to age, alienage, caregiver status, childbirth, citizenship status, color, creed, disability, domestic violence victim status, ethnicity, familial status, gender and/or gender identity or expression, marital status, military status, national origin, parental status, partnership status, predisposing genetic characteristics, pregnancy, race, religion, reproductive health decision making, sex, sexual orientation, unemployment status, veteran status, or any other legally protected basis. All interested persons are encouraged to apply at all levels.