We are seeking a full-time Cyber Security Vulnerability Analyst 2 in our Olathe, KS location. In this role, you will be responsible for operating independently to configure and perform vulnerability scanning and assessments to support the identification, analysis, and remediation of risk to networks, operating systems, applications, and other information system components.
Essential Functions
Review/configure automated tools, analyze threat feeds, and monitor disclosure programs to identify/prioritize vulnerabilities
Work with stakeholders to help determine/implement remediation timelines/plans, and execute/align remediation plans based on experience and available data on Garmin risks
Operate independently to configure and perform vulnerability scanning and assessments to support the identification, analysis, and remediation of risk to networks, operating systems, applications, and other information system components
Independently analyze results from internal/external vulnerability scans and use experience and skills to prioritize risk-based remediation plans
Coordinate/establish proper scan timelines to avoid service interruption, ensuring complete and accurate results are achieved
Establish strong relationships with business stakeholders to facilitate prioritization and timely remediation
Develop metrics/timelines in support of the monitoring of vulnerability management program health
Work with Cyber Security, System Administration, and System Owners to establish vulnerability mitigations and plans of action
Independently build performance metrics that provide advanced and detailed views of remediation performance
Ensure that external vulnerability disclosures are assigned to the proper teams and facilitate communications with vulnerability reporters and finders
Analyze compliance requirements and develop scanning plans and procedures to test and report on results
Coordinate efforts with compliance teams to develop vulnerability and scanning processes in support of governance/compliance requirements
Perform system administration activities on vulnerability management systems and applications
Communicate in written and verbal form effectively in a large team or departmental setting
Authorized to formulate remediation plans and timelines following vulnerability scans using input from system owners
Establish/create vulnerability documentation, mitigations, and remediations
Develop, create, and provide reports of vulnerability scan results that are in a consumable/consistent format
Help establish/track compliance with vulnerability management policies, standards, and procedures
Demonstrate proficient use and knowledge of standards and procedures
Understand vulnerability tool configurations and be able to provide guidance or remediation
Basic Qualifications
Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, or related field AND a minimum of 3 years related IT security experience OR Master's Degree in Information Systems or related field AND a minimum of 1 year experience
Possess analytical skills and strong ability to maintain composure and remain diplomatic under highly stressful situations
Familiarity with the Common Vulnerability Scoring System (CVSS) framework and the National Vulnerability Database (NVD)
Strong multitasking skills to be able to effectively manage multiple activities, including cross-team dependent activities simultaneously
Consistently demonstrates quality/effectiveness in work documentation and organization
Demonstrated ability/effectiveness to exercise strong and effective verbal, written, and interpersonal communication skills in a small team setting
Must be team-oriented, possess a positive attitude and work well with others
Familiarity with defensive security techniques and implementation of mitigating security controls
Desired Qualifications
Working experience with automated vulnerability scanning tools, to include implementation, configuration, maintenance
Information security-related experience in areas such as security operations, incident analysis, incident handling, system patching, and endpoint protection
Experience with vulnerability scanning in cloud-based environments, to include security posture management
Ability to work in a fast-paced, dynamic environment
Experience with NIST 800-53 and/or NIST Cyber Security Framework (CSF)
Familiarity with security information and event management (SIEM) platforms
Experience with BI tools for data analytic reporting and KPIs
System administration experience: Windows and Linux/Unix
Scripting OR development experience (Python, JavaScript, PowerShell, C#, Perl)
Garmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran's status, age or disability.
This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits