Vulnerability Assessment Analyst
The Vulnerability Assessment Analyst assists the Sr. Director of Information Security with vulnerability assessment, remediation prioritization, intrusion prevention, awareness training, and special projects. Recommends and helps implement mitigating actions to prevent intrusions.
- Manage continued rollout and adoption of dynamic network-, system- and application security scanners, and other defensive tools.
- Implement and execute vulnerability management services, vulnerability remediation, and patch management oversight for the league-wide cybersecurity program.
- Perform vulnerability scanning using automated tools against systems and infrastructure within Major League Baseball's environment. Identify and resolve false-positive findings — update asset tags to reflect system ownership and accountability.
- Build security metrics & reports to provide necessary insights and demonstrate assessment coverage and remediation effectiveness, including vulnerability, configuration, and coverage metrics.
- Develop organizationally relevant tactical response procedures for all security findings. Recommend and help implement mitigating actions to contain risk.
- Assist teams with vulnerability resolution, including helping research vulnerabilities and solutions, proactively reducing data owners' workloads, and performing confirmation scans when appropriate.
- Retrieve, review, and analyze threat and vulnerability feeds. Deliver timely, organizationally relevant technical vulnerability advisories. Increase security awareness amongst all workforce members.
- Perform administrative duties, including documentation and management reporting, as needed.
- Ability to maintain confidentiality while dealing with sensitive information
- Self-starter who takes the initiative, organized with attention to detail
- Completed a Master's or Bachelor's degree in Computer Science, Information Technology, Information Security, Cybersecurity, Criminal Justice, or a related field
- Fundamental understanding of network protocols, including the TCP/IP stack as well as UDP-based protocols
- Interest in vulnerability assessment, intrusion/threat detection, digital investigations, mobile device management, log analysis, identity & access management, monitoring, or endpoint security
- Familiarity with scripting languages such as Python or Go, systems engineering using DevOps tooling, or talking to APIs is a plus
- Relevant certifications such as CompTIA Security+, Offensive Security OSCP, or SANS are a plus
- Strong verbal and written communication skills are a plus