The job below is no longer available.
You might also like
in Golden Valley, MN
Attack Surface Mapping Analyst - Full-time / Part-time
•30 days ago
Hours | Full-time, Part-time |
---|---|
Location | Golden Valley, MN Golden Valley, Minnesota |
About this job
As part of the Cyber Defense Operations team, you will be accountable for the following:
- Work with existing Vulnerability Management, Source Code Analysis & Attack Surface Mapping tools and processes to extend coverage, increase effectiveness and expand capabilities
- Perform Attack Surface Mapping and Attack Point identification
- Assist with the identification, evaluation and communication of Attack Surface and Attack Point risks to stakeholders
- Work with diverse IT and business teams to assist in developing solutions to identified vulnerabilities and misconfigurations in a risk prioritized, effective and efficient fashion
- Assist with the implementation of process and tools to provide for the continuous analysis of security threat information (viruses, industry events, adversaries and zero day exploits, OEM weaknesses, etc.) in order to proactively assess and investigate existing as well as emerging vulnerabilities and their potential impact
- Create written reports, detailing assessment findings and recommendations
- Effectively communicate successes and obstacles with fellow team members and stakeholders
- Develop subject matter expertise in topics to include: network, database, wireless and application security assessments, and adversarial network operations
Requirements
Required Qualifications:
- 3 + years of experience in Information Security with experience in vulnerability management and associated tools
- Understanding of networking (including port numbers, services, protocols, TCP-IP stack and OSI-Model), database administration and operating systems
- Experience/understanding of security principles, policies and industry best practices
- Experience working with Security management tools (i.e. vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and Perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.).
- Strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in one or more of the following: web applications development and support, application servers, databases and/or operating systems
- Must be both a self-starter and team player with the ability to work independently with limited supervision
- Must be flexible and able to manage multiple tasks and priorities on very tight deadlines
Preferred Qualifications:
- Experience with the HP Fortify source code scanning tool suite
- Linux and/or Windows administration knowledge
- Knowledge of SQL Server Studio, Oracle Administration Console and/or TOAD
- GIAC and/or OCSP/OSCE certification
- Demonstrable experience with common network vulnerability assessment techniques and tools such as: Nmap; Nessus; Nexpose; Qualys and/or AppDetective
- Familiarity with Vulnerability Management tools such as nCircle IP360, Tenable Nessus, Retina, etc.
- Familiarity with Policy Compliance tools such as CCM, Qualys QualysGuard, Symantec CCS, Microsoft SCM, etc.
- Familiarity with Web Application Scanning tools such as WhiteHat, IBM Appscan, HP WebInspect, etc.
- Familiarity with Security Single Pane of Glass implementations or frameworks such as Risk Vision, RSA Archer, Modulo, Risk I/O, etc.
- Experience with NIDS/HIDS, network and application firewalls, proxies and other information security products
Diversity creates a healthier atmosphere: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.