Vulnerability Assessment Analyst III

Job title:

Vulnerability Assessment Analyst III

Company

Ericsson

Job description

Job Description:About this opportunityThis position is open to a remote opportunity within the U.K.The primary responsibility of this role is to assess new and existing security vulnerabilities from internal and external sources, determine applicability, and document the impact and remediation strategy in a customer viewable format. The role will focus on multiple technologies including all of the major cloud hosting environments, Linux based servers and firmware, specialized hardware products, multiple coding languages, and multiple virtualization technologies. The successful candidate will have the ability to understand the technical aspects of security, assess the risk, and translate that into simple to understand language.Job Description SummaryConducts vulnerability assessments and security audits to identify cybersecurity risks and critical flaws within the company’s networks, applications and operating systems. Tests company’s internal systems to validate security and detect any computer and information security weaknesses. Performs a technical analysis of vulnerabilities and determines the impact to the organization. Reports, tracks and records findings in a comprehensive vulnerability assessment report. Identifies and recommends appropriate action to mitigate vulnerabilities and reduce potential impacts on cybersecurity resources. See also, Information / Cyber Security – Information Security Operations responsible for performing multiple duties that may include administering security controls, defenses and countermeasures against outside penetration and attack, identifying intrusions and responding to cybersecurity breaches and/or leading teams responsible for administering and hardening internal processes and systems against outside penetration and attack. See also, Information / Cyber Security – Penetration Testing focus if responsible for preventing cybersecurity risks by performing penetration tests and attack simulations to identify and resolve information security flaws. Managers leading teams primarily responsible for detecting threat actor activity within an organization’s network and removing security risks from the environment should be matched to Threat Hunting. See also, Information / Cyber Security – Threat Hunting focus responsible for detecting threat actor activity within an organization’s network and removing security risks from the environment.What will you do· Review vulnerability scan reports· Monitor and assess external sources for new vulnerabilities· Assess the applicability of vulnerabilities in context· Determine the real impact of vulnerabilities· Document findings and disclosures for each vulnerability and publish them to customers· Negotiate with external researchers on disclosure timing· Monitor remediations and update documentation· Participate in Security Incidents regarding urgent vulnerabilities· Provide metrics and statisticsSkills you bringMinimum Qualifications:· Five (5) years of experience required (can include indirectly related experience)· A team player· Ability to interpret and explain CVEs to technical and non-technical audiences· Working knowledge of hacking techniques· Working knowledge of programming· Working knowledge of risk evaluation· Experience with the MS Office suite· Excellent written and verbal communication skills· Ability to react to changing priorities quickly and effectively· High school diploma, GED, and/or equivalent professional experience· While there is a primary location listed on this requisition, other locations may be consideredPreferred Qualifications:· Experience evaluating security risk in context of the production environment· Experience with Jira· Experience communicating directly to customers· Experience with at least one of these languages: Python, Go, Java, or C· Experience with scan reports from Snyk, Qualys, Crowdstrike, Inspector, Vdoo, or Binwalk· Experience working remotely across many time zones and cultures· Security certifications such as CISSP, CRISC, AWS SCS, etc.· Ability to work flexible hours​Why join Ericsson?At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.What happens once you apply?
to find all you need to know about what our typical hiring process looks like.​Encouraging a diverse and inclusive organization is core to our values at Ericsson, that’s why we nurture it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity and Affirmative Action employer,If you need assistance or to request an accommodation due to a disability, please contact Ericsson atDISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by employees in this position. They are not an exhaustive list of all responsibilities, duties and skills required for this position, and you may be required to perform additional job tasks as assigned.Primary country and city: United Kingdom (GB) || LondonJob details: Technology Specialist

Expected salary

Location

London

Job date

Sat, 15 Feb 2025 23:44:27 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (hiring-jobs.com) you saw this job posting.