Previous Job
Vulnerability Analyst
Ref No.: 18-11541
Location: Baltimore, Maryland
Vulnerabilty Analyst
Baltimore, MD
12 month Contract

- Continues assessment of Critical vulnerabilities
- Perform a deep technical analysis of vulnerabilities and associated exploits
- Create a detail technical report concerning vulnerabilities along with PoC code.
- Share vulnerability intelligence with other security teams including threat intelligence, security operations and risk management
- Be able to successfully partner with other security teams to assess potential impact from vulnerabilities
- Determine and suggest mitigating controls
- Stay on top of the vulnerability landscape and be up-to-date on current attacks or potential attacks
- Review and analyze vulnerabilities in order to determine and understand the nature of the threat
- Evaluate, rate and perform risk assessments
- Prioritizing vulnerabilities discovered along with remediation timeline(s)
- Send and receive notifications to the SMEs of vulnerabilities within the environment
- Interaction with multiple global teams (cyber analytics , hunt, security architecture, penetration testing, application development, Risk Officers, etc)
- Maintain knowledge of the threat landscape
- Provide reporting and analysis and follow up
- Provide vulnerability analysis and produce reports for management
- Participate collecting, assessing, and cataloging threat indicators

Skill Required:
- 3-5+ years of experience in vulnerability management or related cyber security field- Knowledge of application, network and operating system security
- Understanding the concepts of exploitations
- Knowledge with exploitation mitigation techniques ( DEP, ASLR , stack cookies)
- Strong experience analyzing exploits related to commonly exploited software
- Experience with vulnerability and patch assessment- Good understanding of Windows and Linux OS and patching
- Knowledge of vulnerability scoring systems (CVSS/CMSS)
- Strong familiarity with common vulnerability & exploit tracking/collaboration circles
- Understanding the concepts of exploitations
- Understanding network protocols
- Ability to use a scripting language (Python, Perl, Ruby, etc.)
- Ability to learn new technologies
- Excellent writing and presentation skills are required in order to communicate findings and status
- Cleary communicate priorities and escalation points/procedures to other team members
- Detail oriented, organized, methodical, follow up skills with an analytical thought process

Skill Desired:
- Relevant experience involving WinDbg ,OllyDbg and IDA Pro
- Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)
- Familiarity with fuzzers
- Ability to analyze network protocols throughout all layers of the network stack
- Dynamic scans, static scans and penetration testing
- Experience with Splunk for Enterprise security
- Security architecture experience a plus.
- Project management experience
- Innovative and efficiency focused