Taguig City, Philippines
Job ID: 55958
Description Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $46 billion in revenue, we have become the world’s largest technology distributor with operations in 56 countries and more than 30,000 associates. We continue to strategically expand our global reach with 32 acquisitions since 2012.
We are looking for a highly skilled Vulnerability Analyst to add to our offensive security team that will be responsible vulnerability scanning our company’s websites and assets, including IOT devices in our warehouses and logistics centers. The analyst in this role is expected to provide technical expertise, coordinate with leadership, and assist the monitoring and response function.
The Vulnerability Analyst will be responsible for assisting program maturity efforts and initiatives in Vulnerability Management and Application Security functions within the Infosec Operations department. This includes but is not limited to: driving improvements with vulnerability scanning automation; validation of vulnerability findings; asset/network discovery; regulatory scanning requirements; driving next generation security operations approaches/tools and producing automated dashboards to measure the effectiveness of the program.
This position has the possibility of being performed remotely (applicant does not necessarily need to work from Irvine, CA). You may be required to work outside normal business hours at times to satisfy different time zones and offshore teams as well as during emergency security incidents.
- As a Security Vulnerability Analyst your role will be to support the Information Security Team and its initiatives.
- Responsibilities include supporting the capabilities of our vulnerability management service including vulnerability scans, penetration tests, security assessments, application security testing, code scanning, and configuration management.
- Perform vulnerability assessment coverage across the global organization.
- Review all applicable threats, discover vulnerabilities and collaborate with remediation treatment owners to remediate identified vulnerabilities.
- Prepare vulnerability data and develop comprehensive, accurate reports and presentations for both technical and executive audiences.
- Ensure knowledge creation around common vulnerabilities within the landscape and corresponding remediation practices.
- Research the latest security best practices and technologies, staying abreast of new threats and vulnerabilities and helping disseminate this information within the groups at the company.
- Utilize vulnerability scanning tools, penetration testing tools, custom scripts, exploits, related automation, and innovation.
- Build processes that speed up the discovery and resolution of findings.
- Work closely with developers and architects on identifying security issues early in the development cycle.
Skills & Experience:
- Preferred 3+ years of strong hands-on experience in application and network vulnerability assessment, risk management, and providing remediation recommendations.
- Basic Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Experience with cloud service providers and their offerings.
- Strong understanding of vulnerabilities, common attack vectors and has attacker mindset: ability to think about creative threats and attack vectors.
- Experience using vulnerability scanning software such as Nessus, teanable.io, tenable.sc, or similar.
- Knowledge of ITIL/ITSM/ITAM and change management processes within ServiceNow. Experience with ServiceNow’s Vulnerability Response Module is a plus.
- Strong technical understanding of CVSS, OWASP Top 10, SANS top 25, and Vulnerability Exploitability ratings.
- Knowledge of programming and the ability to automate tasks in at least one language, including but not limited to Ruby, Python, Powershell, or BASH.
- Familiar with Metasploit, Burp Suite, Nmap, and security assessment focused Linux distributions, such as Kali.
- Strong communication (i.e., written and verbal), presentation, teamwork skills and resourcefulness.
- Preferred Certifications: SANS, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, or equivalent certification, work experience, or skills.
Job Qualifications and Educational Requirements:
*This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all of these duties.
- Bachelor’s degree from an accredited University or equivalent experience.
- Work Experience: 3+ years of vulnerability management, red teaming, or similar experience.
- Ability to work on shifting schedules (primarily graveyard shift)