Security Vulnerability Analyst Olin Corporation
Olin Corporation is hiring a Security Vulnerability Analyst to be located in Clayton, MO. Remote office location is a possibility for the right candidate. The primary role of this position is to drive process and execution of discovery, reporting, prioritization and remediation of vulnerabilities across disparate spaces including, but not limited to, operating system (i.e. Windows, Unix, Linux), application, network, and database vulnerabilities across Olin managed and third party applications and services.
Company Bio: Olin Corporation
Olin Corporation is a leading vertically-integrated global manufacturer of chemical products and a leading U.S. manufacturer of ammunition. Olin is the world’s leading producer of chlor alkali products and vinyls, the number one supplier of epoxy materials, the number one global seller of membrane caustic soda and chlorinated organics and the number one North American seller of chlorine, bleach and hydrochloric acid. Winchester's principal manufacturing facilities produce and distribute sporting ammunition, law enforcement ammunition, reloading components, small caliber military ammunition and components and industrial cartridges.
- Develop action plans and processes for vulnerability and patch remediation, risk assessments and drive execution of any remediation actions.
- Develop hardening guidelines for new technologies and applications.
- In partnership with the Business and IT groups, the Vulnerability Management Analyst will provide guidance and solutions to facilitate the assessment and alignment of application services, vulnerability management, and risk awareness to the information security objectives.
- Define and execute the process for capture, calculation, consolidation, and presentation of vulnerability metrics for the global enterprise.
- Maintain vulnerability management policies, procedures, and training.
- Perform network and application-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts.
- Perform comprehensive vulnerability assessments and continuous monitoring across the organization.
- Manage the entire lifecycle of vulnerabilities, from discovery through triage, advising, remediation, and validation.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to the computing environment, and communicating applicable vulnerabilities and recommended corrective actions to impacted teams.
- Research new threats, vulnerabilities, exploit techniques and develop new methods of testing new threats.
- Be an advocate for and champion best practice security configuration and hardening.
- Manage vulnerability related tickets to ensure issues are remediated within proper timelines.
Qualifications / Requirements
- Bachelor’s degree* in Computer Science, Cybersecurity, or related field required; Master's degree preferred.
- Minimum of 5 years IT Security experience required.
- Direct experience with providing vulnerability and threat analysis, understanding of risks and mitigating controls, and prioritization and coordination of resulting action using Vulnerability Management tools (e.g., Tenable, Qualys).
- Previous experience with compliance frameworks, their implementations and driving an organization to adhere both to compliance requirements and appropriate security standards.
- Knowledge of routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
- Strong knowledge of Vulnerability Management and remediation of OS, App, Network and DB vulnerabilities. Strong knowledge of industry standards regarding vulnerability management, including Common Vulnerability Scoring System (CVSS) and Common Vulnerabilities and Exposures (CVE).
- Strong understanding of and experience with patch automation, security orchestration, and management tooling for on premise, private cloud, and cloud infrastructure.
- Awareness of industry frameworks and best practices: Threat Modelling, OWASP, SANS Security Model.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP) or other similar certification preferred.
- Ability to develop innovative risk mitigation solutions that address core issues with limited supervision.
- Excellent written and verbal communication skills.
- Professional demeanor and ability to interface with all levels of the organization.
*Degree must be from a school that is accredited by an accrediting agency recognized by the Secretary of Education of the U.S. Department of Education or equivalent program from an international university.
*Olin does not provide any form of sponsorship to applicants not authorized to work in the US.
*This position requires access to ITAR controlled technical data, and as such, employment will be contingent upon the candidate's ability to access ITAR controlled technical data pursuant to an export license approved by the Directorate of Defense Trade Controls, if required.
Olin is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.