Threat and Vulnerability Analyst

Position Summary:

The vulnerability management analyst provides advanced, hands-on representation of the cybersecurity defense team. Candidates for this technical role must possess a solid understanding of information security and should have held positions in cybersecurity and systems administration. The role also requires an understanding of business and governance processes.  Vulnerability management analysts accept primary responsibility for the overall management lifecycle of the program.

Vulnerability management analysts should understand that legacy and present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. Given that vulnerability management and risk exposure extend across all technical systems enterprise-wide, responsibilities of this position include identifying assets and vulnerabilities, reporting, remediation and continuous assessment. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy.

Vulnerability management analysts oversee the strategic initiatives for short- as well as long-term plans to identify and reduce the attack surface across applications and systems. Use of automated tools to identify, assess and report is expected, with emphasis placed on effective communication to constituents relying on applications and systems that support their business.

• Work as a team to consistently learn and share advanced skills and foster team excellence.

• Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.

• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.

• Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.

• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.

• Procure and maintain tools and scripts used in asset discovery and vulnerability status.

• Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.  

• Support internal and external auditors in their duties that focus on compliance and risk reduction.

• Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.

• Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.

• Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.

• Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage.

• Periodically attend and participate in change management policy discussions and meetings.

• Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.

• Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.

• Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.

• Perform other duties as assigned.

• Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent work experience.

• At least 5-7+ years’ experience in information security administration, vulnerability management or security operations.

• Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source.

• Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening.

• Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.

• Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP). 

• Experience conducting organization-wide vulnerability scanning and remediation processes.

• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface.

• Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO).

• Capable of scripting in Python, Bash, Perl or PowerShell.

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.

• Preferably, one or more of the following: GCED, GCCC, GPEN, GCIH, CISSP or CRISC.

• Strong interpersonal skills.

• Quality written, oral, and presentation skills to communicate business risk and remediation requirements from assessments.

• Analytical and problem-solving mindset with an attention to detail.

• Ability to function with supervision from other analysts.

• Commitment to operational excellence and continuous process improvement.

• Willingness to expand security knowledge, skills, and abilities to achieve department initiatives.

• Self-starter requiring minimal supervision.

• Highly organized and efficient.

• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Information Security Threat and Vulnerability Analyst should have a working knowledge of:

• System administration

• Network security concepts

• Information security policy

• On-call network troubleshooting

• Patch Management

• Network protocols

• Intrusion Detection and Prevention systems (IDS/IPS)

• Data Loss Prevention (DLP)

• Vulnerability scanners

• Threat management and response

• Virtual Private Networks (VPN)

• Multi-Factor Authentication (MFA)

• Endpoint Detection and Response (EDR)

• Mobile Device Management (MDM)

• Identity Access Management and Privileged Access Management (IAM and PAM)

• Role and attribute-based access controls

• (RBAC and ABAC)

• TLS and certificate management

• Log analysis

• URL filtering

• Foundational routing, switching, segmentation

• Security Information and Event Monitoring Tools (SIEM)

• Wireless technology and security

To perform the job successfully, an individual should demonstrate the following competencies:

• Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions.

• Technical Skills - Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others. 

• Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness.

• Organizational Support - Follows policies and procedures; Completes administrative tasks correctly and on time; Supports organization's goals and values; Benefits organization through outside activities; Supports affirmative action and respects diversity.

• Quality - Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.

• Adaptability - Changes the approach or method to best fit the situation.

The work environment characteristics described here maybe encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Moderate noise (i.e., business office with computers, phone, and printers, light traffic).

• Ability to work in a confined area.

• Ability to sit at a computer terminal for an extended period. Occasional stooping or kneeling may be necessary.

• While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer keyboard and telephone.

• Specific vision abilities are required by this job due to computer work.

• Light to moderate lifting is required.

• Occasional travel is required.

#LI-JG1

Triumph Bancorp, Inc. and its subsidiaries reserve the right to modify this job description at any time, with or without notice. This job description in no way implies that these are the only duties, to be performed by the employee occupying this position. This job description is not an employment contract, implied or otherwise.

Equal Employment Opportunity Statement: Triumph Bancorp, Inc., and its subsidiaries, provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, or status as a covered veteran in accordance with applicable federal, state, and local laws.