Vulnerability Management Analyst

Job Info

May 8, 2024

112392

Posting Expiration Date: Jun 8, 2024

Schedule Type: Full-Time

Minimum Salary: $80000

Maximum Salary: $105000

Organization: IT Engineering & Operations

Department: Information Security

Section: IT ENG Cyber Security Ops

Location: NY-New York-4 Irving Pl Headquarters

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • Lead vulnerability management response efforts and events, including response to zero-day vulnerabilities
  • Continuously build and implement improvements to vulnerability management workflows and processes
  • Develop new and update existing vulnerability management policies, procedures, runbooks, and other documentation
  • Configure and run vulnerability scans using industry-standard tools
  • Remain up to date on cybersecurity news and emerging vulnerabilities
  • Assess and prioritize vulnerabilities for impact and cyber risk
  • Communicate vulnerability statuses and associated risk to stakeholders and leadership
  • Coordinate with stakeholders to remediate vulnerabilities timely, providing technical expertise and support as needed
  • Ensure proper escalation and communication of critical vulnerabilities or other issues to leadership in a timely fashion
  • Keep abreast of current developments in vulnerability management mitigation techniques and propose recommendations to reduce risk
  • Perform validation that vulnerabilities have been remediated/mitigated, working with other teams as required
  • Collect, analyze, create dashboards, and report on vulnerability metrics
  • Participate in attack surface reduction efforts
  • Continuously learn, improve, and hone your skills to deliver advanced assessments

Required Education/Experience

  • Bachelor's Degree and 2 years of IT experience or
  • Associate's Degree and 4 years of IT experience or
  • High School Diploma/GED and 5 years of IT experience

Preferred Education/Experience

  • Bachelor's Degree Computer Science, Cybersecurity, or similar field

Relevant Work Experience

  • Previous IT or cybersecurity experience Required
  • Knowledge of cybersecurity tools Required
  • Understanding of industry standard policies, processes, and procedures covering incident, problem, and change management Required
  • Understanding of attack vectors, cyber kill chain, and MITRE Framework Preferred
  • Previous experience in vulnerability management, including configuring and using vulnerability scanners and performing vulnerability risk assessments/prioritization Preferred
  • Knowledge of/experience with vulnerability management in cloud environments and/or containers Preferred
  • Knowledge of data/business intelligence tools is preferred (e.g., PowerBI, etc.) Preferred

Skills & Ability

  • Proficient in English written and verbal communication skills
  • Effective interpersonal skills
  • Possesses flexibility to work in a fast paced, dynamic environment
  • Well organized, detail oriented and flexible to handle multiple assignments
  • Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses & Certifications

  • Driver's License Required
  • Other: Technical certifications (e.g., CISSP, CISM, Pentest+, etc.) Preferred

Other Physical Demands

  • Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.

Technical Difficulty Statement

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.

SHARE: