Dillard’s is seeking an Information Security Analyst to lead the practice of Vulnerability Management in Little Rock, Arkansas. As the Vulnerability Management Specialist, you will be responsible for leading the efforts to identify and aid in remediation while serving as a security consultant for Information Technology. The Vulnerability Management Specialist’s support activities are focused on helping groups understand their vulnerability scan reports and providing guidance on the remediation. Often, the analyst will help other teams understand the possible risk to the systems’ data if vulnerabilities and poor configurations are not remediated. There are other responsibilities included with this role that relate to other Security disciplines such as Endpoint Security, PKI Management, and Security Awareness.
ROLES & RESPONSIBILITIES
- Ensure all assets on the Dillard’s network are scheduled to be scanned with a Vulnerability Management solution and maintain the comprehensive list with identified owners.
- Follow up on any scans with errors.
- Identify any assets which have not had a completed credentialed scan within the maximum duration.
- Lead monthly meetings with IT Operations teams and vendors in regards to outstanding vulnerabilities or false positives.
- Report any Zero-Day vulnerabilities to management along with an eradication plan.
- Train others in vulnerabilities, exploits, and remediation concepts.
- Manage the relationship with the Vulnerability Management vendor.
- Coordinate discussions with the Operations teams and vendor on any false positive reports.
- Generate reports for Management and vendors for Vulnerability Awareness.
- Research vulnerabilities to understand the risk to the organization and appropriately prioritize.
- Identify areas where IT processes need to be established or improved.
- Work in a hybrid Windows/Linux environment.
- Participate in on-call rotation.
- Authorization to work in the United States without sponsorship.
- Ability to work onsite at Corporate Headquarters in Little Rock, AR.
- Experience creating processes, procedures, and solutions that reduce technical risk and increase operational efficiency.
- Ability to work independently and in teams, while meeting multiple deadlines.
- Strong interpersonal and communication skills with proven decision-making skills.
- Desire to troubleshoot and lead research.
- History of and commitment to ethical behavior and ethical full disclosure.
MINIMUM YEARS OF EXPERIENCE
- Background in several of the following areas: cybersecurity, intrusion detection/prevention, OS architecture, malicious network traffic identification, malicious code detection/prevention, security auditing, security architecture, security awareness education, databases, application security architecture for web environments, identity management, PKI, encryption methods/standards, event correlation, authentication services, advanced incident handling and forensics best practices, PKI.