Cybersecurity Analyst - Vulnerability Management
Location: FL Pensacola - GPO
Full/Part Time: Full-Time
Why You Will Love Being Part of the Navy Federal Team:
*Competitive compensation with opportunities for annual raises, promotions, and bonus potential
*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
*Consistently Awarded Top Workplace
*Nationally recognized training department by TRAINING Magazine IND123
*An employee-focused, diverse, and service-oriented workplace environment
The Cybersecurity Analyst serves as a subject matter expert to the vulnerability management program of Navy Federal Credit Union’s Cybersecurity Operations Center, providing procedural expertise to the program. The Analyst will work closely with the other vulnerability management members to identify threats and vulnerabilities to the organization, and he/she will partner with additional teams within Navy Federal Credit Union to protect Navy Federal’s brand, data, and IT assets from cyber-based threats.
Qualifications (All required unless otherwise noted)
- Knowledge of and expertise with industry-standard vulnerability management tools. Examples include Nessus, Nmap, Rapid7 Nexpose, Metasploit, Burp Suite, Fortify, and HP Webinspect.
- Provide and support efforts to maintain metrics, including vulnerability remediation efforts.
- Discover, identify, and track vulnerabilities to assess risk to NFCU information assets. This also includes identifying vulnerability false positives.
- Contribute to the vulnerability management program including maintaining a vulnerability assessment schedule to assess risk of Navy Federal assets.
- Measure the effectiveness of the credit union’s technology safeguards by performing testing to ensure they provide the intended level of protection.
- Participate in execution of testing, red teaming, and enforcement of security standards and remediation tracking.
- Build and maintain relationships with other teams, business units, and stakeholders. Regularly communicate status to key stakeholders.
- The ability to make decisions independently and prioritize assignments and workload.
- Ensure staff at all levels consistently apply defined processes and procedures to established standards.
- Escalate issues to management in a timely manner with appropriate information regarding risk and impact.
- 5-7 years of experience participating in vulnerability management.
- Expert-level understanding of and experience in the practical application of the Vulnerability Management Lifecycle and associated best practices.
- Experience with industry-standard vulnerability management tools, including but not limited to Rapid7 Nexpose and Metasploit Pro, Burp Suite, Webinspect, and HP Fortify.
- An understanding of the vulnerability identification, analysis, and vulnerability scoring standard Common Vulnerability Scoring System (CVSS) as well as Common Vulnerabilities and Exposures (CVE).
- Demonstrated knowledge of information security programs and operations and data security practices and procedures, including risk identification/assessment.
- Strong problem-solving and critical-thinking skills, with the ability to diagnose and troubleshoot technical issues.
- Working knowledge of general security concepts (Authentication, Authorization, Encryption, and Digital signatures), PKI concepts, and TLS.
- The ability to influence others, including senior leaders and other teams.
- A strong desire for continuous process improvement and excellence.
- Excellent verbal and written communication skills, including the ability to convey technical details in a clear and understandable manner to a variety of audiences.
- Strong planning, time-management, and organizational skills.
- Knowledge of industry standards and frameworks, including ISO, ITIL, COBIT, and NIST.
- Previous experience within the financial sector.
- Scripting and Automation experience
- Preferred certifications: GIAC (e.g., GCIH, GCIA, GCFA, etc.), CEH, OSCP, CISSP, or Security+.
- Experience with and understanding of different threats to an organization.
- Experience working with vulnerability management modules like RSA Archer and ServiceNow.
Equal Employment Opportunity
Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability