Cyber Security Vulnerability Analyst 2

Overview

We are seeking a full-time Cyber Security Vulnerability Analyst 2 in our Olathe, KS location. In this role, you will be responsible for operating independently to configure and perform vulnerability scanning and assessments to support the identification, analysis, and remediation of risk to networks, operating systems, applications, and other information system components.

Essential Functions

• Review/configure automated tools, analyze threat feeds, and monitor disclosure programs to identify/prioritize vulnerabilities

• Work with stakeholders to help determine/implement remediation timelines/plans and is tasked to execute/align remediation plans based on experience and available data on Garmin risks

• Operate independently to configure and perform vulnerability scanning and assessments to support the identification, analysis, and remediation of risk to networks, operating systems, applications, and other information system components

• Independently analyze results from internal/external vulnerability scans and charged with using experience and skills to prioritize risk-based remediation plans

• Coordinate/establish proper scan timelines to avoid service interruption, ensuring complete and accurate results are achieved

• Establish strong relationships with business stakeholders to facilitate prioritization and timely remediation

• Develop metrics/timelines in support of the monitoring of vulnerability management program health

• Work with Cyber Security, System Administration, and System Owners to establish vulnerability mitigations and plans of action

• Independently build performance metrics that provide advanced and detailed views of remediation performance

• Ensure that external vulnerability disclosures are assigned to the proper teams and facilitates communications with vulnerability reporters and finders

• Analyze compliance requirements and develop scanning plans and procedures to test and report on results

• Coordinate efforts with compliance teams to develop vulnerability and scanning processes in support of governance/compliance requirements

• Perform system administration activities on vulnerability management systems and applications

• Communicate in written and verbal form effectively in a large team or departmental setting

• Authorized to formulate remediation plans and timelines following vulnerability scans using input from system owners

• Establish/create vulnerability documentation mitigations and remediations

• Develop, create, and provide reports of vulnerability scan results that are in a consumable/consistent format

• Help establish/track compliance with vulnerability management policies, standards, and procedures

• Demonstrate proficient use and knowledge of standards and procedures

• Understand vulnerability tool configurations and be able to provide guidance or remediation

Basic Qualifications

• Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, or related field AND a minimum of 3 years related IT security experience OR Master's Degree in Information Systems or related field AND a minimum of 1 year experience

• Possess analytical skills and strong ability to maintain composure and remain diplomatic under highly stressful situations

• Familiarity with Common Vulnerability Scoring System CVSS framework, National Vulnerability Database (NVD)

• Strong multitasking skills to be able to effectively manage multiple activities, including cross-team dependent activities simultaneously

• Consistently demonstrates quality/effectiveness in work documentation and organization

• Demonstrated ability/effectiveness to exercise strong and effective verbal, written, and interpersonal communication skills in a small team setting

• Must be team-oriented, possess a positive attitude and work well with others

• Familiarity with defensive security techniques and implementation of mitigating security controls

Desired Qualifications

• Working experience with automated vulnerability scanning tools, to include implementation, configuration, maintenance

• Information security related experience, in areas such as: security operations, incident analysis, incident handling, system patching, and end point protection

• Experience with vulnerability scanning in cloud-based environments, to include security posture management

• Ability to work in a fast paced, dynamic environment

• Experience with NIST 800-53 and/or NIST Cyber Security Framework (CSF)

• Familiarity information and event management (SIEM) Platforms

• Experience with BI tools for data analytic reporting and KPIs

• System administration experience: Windows and Linux/Unix Scripting OR development experience (Python, JavaScript, PowerShell, C#, Perl)

Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability.

This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits