Jr. Vulnerability Management Analyst
Job Description : Job Description
Responsible for detecting and responding to cyber-attacks and network intrusions conducted by external threat actors such as hacktivists, nation-states, financially motivated cyber criminals and insider threats. This includes (but is not limited to): providing situational awareness of the cyber threat landscape as it applies to SunTrust and the financial sector; identification of vulnerabilities and weaknesses in the company's security posture, the associated impact to SunTrust systems and recommended remediation actions; providing actionable threat intelligence to lines of business that enables proactive threat mitigation strategies and threat-informed decision making; and maintaining effective security countermeasures, response capabilities and digital forensic analysis of cyber threat activity. Responsible for detection and reporting of all vulnerabilities (including misconfigurations) in all production, endpoint systems (including workstations). Reporting work includes appropriate triage and prioritization of vulnerabilities (by risk) to permit risk-prioritized patching and remediation.Experienced analyst. Applies a solid understanding of concepts within own professional discipline and uses knowledge of the business and key processes gained practical experience. Solves routine problems of moderate complexity by analyzing possible solutions using experience, judgment and precedents. Focuses on enhancing knowledge of SunTrust's processes, culture and clients. Impacts quality of own work and the work of others on the team. Actively participates in projects, including planning and execution activities; may be responsible for a project workstream from start to finish. Provides informal guidance to new teammates. Works under moderate supervision.
• 2 or more years of hands on experience with vulnerability and configuration scanners like Nessus, Qualys, InsightVM, eEye Retina, and GFI LanGuard
• 2 or more years of combined experience supporting Microsoft Windows servers and endpoints, Linux & Unix servers, virtual infrastructure (e.g. ESXi), and network assets (e.g. routers, switches, firewalls, load balancers, etc.)
• At least one year or more with hands on experience with vulnerability and configuration aggregation tools like ThreadFix, Qualys, BMC BladeLogic, SolarWinds, and Kenna Security
• 2 or more years experience developing and maintain vulnerability management policies, procedures, processes, and guidelines
• 2 or more years experience with Cybersecurity framework like NIST, COBIT, ISA, and ISO•2 or more years experience with PCI-DSS 3.x standards
• At least one or more years experience with Agile framework (e.g. CI/CD) Qualifications
Minimum Requirements: Bachelor's degree or equivalent and 2 years of related experience or an equivalent combination of education and experience. Solid understanding of principles, practices, theories, and/or methodologies associated with the computer and network security, incident response, digital forensics, intelligence and/or counterintelligence discipline . Ability to manage competing priorities. Ability to solve problems in straightforward situations by analyzing possible solutions using experience, judgment and precedents. Awareness of industry competitive landscape and the factors that differentiate SunTrust and other banks in the market. Ability to communicate complex information in straightforward situations.
Master's degree or MBA and 3 years of related experience. Previous experience in the banking industry.
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf