Previous Job
Threat & Vulnerability Analyst
Ref No.: 18-00258
Location: Danbury, Connecticut
Position Type:Direct Placement
Start Date: 06/13/2018
We are currently seeking a Threat & Vulnerability Analyst, Management to will report to the Manager, Threat & Vulnerability Management of Cyber Security & Incident Response Team.
The Analyst, Threat & Vulnerability Management will ensure that vulnerabilities are properly and timely identified with the goal of keeping Realogy's infrastructure secure. This includes monitoring Vulnerability Management processes for performance, coordinating scanning schedules, risk acceptances, and serving as an administrator of the Vulnerability Management tool. The role will involve handling digital investigations, which includes collecting and analyzing data from electronic sources (infrastructure logs, application logs, network file servers, eCommunications archives, etc.).

• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
• Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to Realogy's environment and determine appropriate mitigating controls.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a an acceptable level based upon Realogy's policies and standards.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
• Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
• Review and/or escalate exception requests submitted to the TVM team
• Using a risk based approach, analyze Realogy's vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
• Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

• B.S. in Computer Science or equivalent field
• CISSP, GCTI, or similar industry certification
• 3-5 years of experience in Vulnerability Management or related field
• Detailed knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & elimination
• Strong knowledge of Qualys, including configuration and maintenance, scan execution, cloud agent deployment and oversight
• Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
• Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).
• Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
• Knowledge of Cloud technologies such as AWS and Azure a plus
• Previous experience working in large scale environments with diverse technologies is a plus.
• Knowledge of scripting languages desired