Empowered. Innovative. Inspiring. Creative. Intense. These are all words we use to describe life at IBM.
At IBM, creating innovative IT solutions for global companies is only the beginning. Our clients need to ensure that their world-class systems not only meet business requirements, but are secure and reliable. That is where you come in.
Vulnerability Analyst II's are responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets ensuring the integrity of the environment. Daily activities include:
- Operation of various scanning tools in use
- Assessment and analysis data collected from scan tools
- Tracking and reporting on discovered vulnerabilities and remediation efforts
- Identification of overdue system remediation efforts
- Sourcing and tracking of public and pre-embargoed vulnerability disclosure sources.
- Analysis and reporting of all applicable publicly disclosed zero-day vulnerabilities.
- Coordination with system owners to identify and remediate scan problems
- Coordination with system owners to provide requested details about scan findings, scan methodologies and remediation recommendations
- Assisting Program Managers with reporting and continuous motion on remediation efforts
- Monitor a strategic, comprehensive corporate, commercial and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
- Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
- Provide information to system owners of flaws identified within that group's responsible systems.
- Ensure that IBM Cloud is in compliance with all applicable Federal, IBM Internal and industry standard directives and policies regarding securing and monitoring of information systems
- Assist in risk assessment duties including reporting and oversight of remediation efforts
- Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
- Server Operating Systems (Windows Server, Red Hat, CentOS)
- Network (Cisco, Palo Alto, F5, McAfee)
- Storage (NetApp, CleverSafe)
- Manage multiple projects with various priority levels and time lines from start to finish
- Develop and maintain accurate documentation for internal procedures and services
- Maintain knowledge of outstanding vulnerability management issues and ensure remediation timelines are completed by required guidelines
- Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
- Must collaborate with other departments to resolve complex issues and be detail oriented
- Ability to automate solutions to repetitive problems/tasks