37769 - Senior Security Analyst Vulnerability Management Operations

Senior Security Analyst Vulnerability Management Operations

Location: Bangalore and Mumbai Remote

Job ID: 37769

Job Type: Fulltime

What if the work you did every day could impact the lives of people you know Or all of humanity

At Illumina we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable lifechanging discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person in every role has the opportunity to make a difference. Surrounded by extraordinary people inspiring leaders and world changing projects you will do more and become more than you ever thought possible.

The Vulnerability Management Analyst will lead in driving the strategy evaluation process execution and operations of the vulnerability management program at Illumina. S/he will be responsible for vulnerability detection analysis prioritization reporting remediation and validation against common vulnerabilities. This role is accountable for collecting processing monitoring and disseminating potential threat intelligence and security vulnerabilities. This role will also partner with each functional area to overlay vulnerability and threat data with system knowledge to identify where compensating controls (or deep system knowledge) can be applied to lower (or raise) the effective risk ratings.

Responsible for successfully executing enterprisewide Information Security Operational controls and processes related to vulnerability management that protect the companys data and functions across all business areas. Adhering to data protection standards procedures regulatory oversight and technical solutions for the Information Security department.

Lead vulnerability management investigations establish and improve monitoring processes analysis of vulnerability events validation via manual testing of patch effectiveness cybersecuritybased awareness and education and vulnerability management requests. Point of escalation for zeroday vulnerabilities triage and response for junior staff.

Performs all duties in accordance with the companys policies and procedures all state federal and country laws and regulations wherein the company operates.

In accordance with regulatory and audit requirements this position will perform analysis of systems and programs including the cybersecurity related programs and initiatives. Delivery of activity reporting including metrics environment impact effectiveness progress and performance and risk indicators.

Duties

• Configure and manage vulnerability management tools creating scan schedules reporting and metrics generation and documentation

• Monitors tracks responds investigates and reports in compliance to vulnerability policies and works with the responsible parties to drive timely results and remediation of vulnerabilities

• Generates and monitors effective and actionable vulnerability management reporting across the enterprise

• Research and assess current vulnerability threats

• Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e. PCIDSS SOX GDPR CCPA)

• Keeps abreast of the latest security and privacy legislation regulations advisories alerts and vulnerabilities pertaining to the organization

• Review triage and respond to service requests and alerts related to vulnerability management

• Response to vulnerability findings as primary or a point

• Assist in the administration and removal of unsanctioned software

• Liaison between internal teams to improve overall enterprise risk

• Act on improving processes and procedures

Skills

• Strong oral and written communication skills appropriate for consultation with all levels of management

• Strong problemsolving and analytical skills

• Proficient or able to gain proficiency with vulnerability management applications and tools

• Previous riskbased vulnerability management experience

• Knowledge of vulnerability management lifecycle (familiar with CVEs CVSS and MITRE)

• Experience in collaboration amongst multiple lines of business and geographic theaters

• Strong experience and architecture comprehension of vulnerability management environments preferred

• The ability to thrive in a fastpaced dynamic environment

• Understanding of threat intelligence best practices

• Overall Networking understanding and principles

• Successfully implemented and delivered projects involving a variety of cybersecurity functions

• Team oriented and skilled in working in a collaborative environment

• The ability to influence and drive change within teams and the organization

• A selfstarter with a handson style high level of energy stamina and drive

• A strong team player who is proactive and driven to achieve results

• Commendable organizational and time management skills

• Previous experience working as part of an enterprise Information Security team

• Monitors tracks responds investigates and reports in compliance to vulnerability policies and works with the responsible parties to drive timely results and remediation

• Research and track current security vulnerabilities and related projects

• Keeps abreast of the latest security and privacy legislation regulations advisories alerts and vulnerabilities pertaining to the organization

• Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls

• Ability to validate vulnerability findings through manual testing

Experience/Education

• 5 years experience in multiple Cybersecurity domains (i.e. Vulnerability Management Identify & Access Control Network Security Firewalls Enterprise Directory Systems Encryption Data Loss Prevention DLP Comprehensive Endpoint Protection Infrastructure & Information Security Operations)

• 3 years of vulnerability management experience

• Experience working with a wide range of stakeholders to perform vulnerability assessments on systems or applications

• Experience creating useful metrics that will help various stakeholders (asset owners and executives)

• Experience triaging vendor patch releases as well as security bulletins and make recommendations on required remediations

• Experience with patch management processes across network OS database workstations IoT virtual cloud

• Experience with Microsoft Linux Mac operating systems

• Experience using MITRE/CVSS calculations to define vulnerable and impacted components to clarify the severity

• Experience collecting processing and disseminating threat intelligence

• Successfully implemented and delivered projects involving a variety of cybersecurity functions

• Bachelors degree in Computer Science Information Systems or equivalent work experience

Nice to Have

• Previous experience in engineering architecture application development information security operations

• Understanding of Cloud and Container Vulnerability Management (AWS GCP Azure)

• Webapp vulnerability management experience

• Understanding of DevSecOps best practices

• Knowledge of PCI HIPAA NIST 80053 CIS Benchmark STIG

• Security Certifications (i.e. AWS Security Azure Security Engineer Security CISSP CEH SANS etc.)

• Incident Management Monitor and Response experience in a Cybersecurity operationbased environment

• Forensic and eDiscovery skills

• Penetration Test/Validation Experience

• OT/Manufacturing Vulnerability Management Experience