We are seeking an experienced Vulnerability Assessment Analyst to join our team. The successful candidate will have a minimum of one year of experience in cybersecurity and a strong background in government or regulated environments. The ideal candidate will be responsible for supporting cyber incident response, performing technical risk and vulnerability assessments, and ensuring the secure development and maintenance of our technology infrastructure. This position is onsite in Portland, OR.
Act as part of a cross-organizational Vulnerability and Patch Management team, coordinating cyber incident response across Transmission Operational Technology.
Provide technical support during cyber-events related to vulnerabilities as part of an incident response team.
Perform technical risk and vulnerability assessments of relevant technology focus areas, including local computing environments, network and infrastructure, supporting infrastructure, and applications.
Interact continuously with business units to discover, triage, and resolve security vulnerabilities using manual and automated tools as part of a Secure Development Life Cycle.
Analyze vulnerabilities to characterize threats and provide remediation recommendations.
Conduct vulnerability assessments, including evaluating specific configurations of network devices, operating systems, and network-enabled software applications on both Windows and Linux platforms.
Responsible for the discovery, identification, and evaluation of security-related patches.
Develop and maintain a source list that tracks the release of cybersecurity patches.
Coordinate with System Owners, Resource Managers, and System Security Officers to ensure system patching is occurring and vulnerabilities are being mitigated.
Plan and coordinate the installation of new products, security patches, and upgrades.
Identify and mitigate security vulnerabilities and risks through vendor-identified configuration changes and maintain server integrity and availability.
Develop patch mitigation plans and coordinate with Resource Managers and System Owners to ensure resolution is completed by agreed-upon dates.
Manage the server operating system patching procedure and security hardening.
Evaluate and review patches before and after installation.
Develop procedures for responding to new threats to systems' confidentiality, integrity, and availability.
Oversee the implementation of new procedures for responding to system threats and interpret procedures in response to questions from systems administrators.
Provide subject matter expertise for applying security-related patches, hotfixes, and updates, or applying compensating measures for BES Cyber System or BES Cyber Assets mitigation plans.
Provide subject matter expertise for determining and communicating to management when it is in the best interest of reliability to not install a patch and document the mitigation for the vulnerability.
Investigate, evaluate, and select tools and methods for improving software development security testing throughout the life cycle to prevent the introduction of vulnerabilities.
Develop best practices guides for use by other application software specialists.
