|Location||Fort Lauderdale, FL|
|Preferred GIAC Certifications||GXPN|
|Contact Name||Ultimate Software|
Ultimate Software is seeking an experienced Vulnerability Risk Analyst for our Global Security Vulnerability and Risk team.
This position is responsible for analyzing security vulnerabilities and determining if there is an attack surface and impact. The ideal candidate understands the full cycle of a software vulnerability, from exploitation to mitigation.
This position demands one to stay current and emerging with emerging technologies and vulnerabilities, while managing cross-team dynamics. Attributes we will look for in our candidates include excellent technical and analytical skills, communication and flexibility, innovative thinking and problem solving.
Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's “Best Places to Work in Technology” for 2018 and #3 on the “100 Best Companies to Work For” list in 2018. Ultimate is also ranked #1 on the Fortune’s “100 Best Workplaces for Millennials” for 2017 and #3 on its "Best Workplaces for Diversity” list for 2017.
Primary Duties and Responsibilities:
Maintain near real-time awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
Identify updates for any software asset that have even the appearance of a quietly patched security defect (e.g. release notes contain "security" or "vulnerability").
Track private vulnerabilities (internal discovery, or nonpublished).
Map vulnerability inventory to asset inventory.
Determine asset susceptibility by technical means when (e.g., analyzing code execution flow), usage and asset configuration.
Recalculating priority for risks that decrease due to exploitability limitations and threats.
Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable.
Ability to prioritize vulnerabilities based on potential risks.
Identify vulnerabilities and assess system compliance.
Compile vulnerability and compliance reports, provide remediation recommendations, and tabulate metrics on vulnerabilities and remediation activities.
Completing regular situational awareness reports and other reports on a recurring basis.
Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.
Execute responsibilities with an understanding of the Global Security vision, strategic objectives, and priorities.
Demonstrated ability to work well independently with little input, and as a part of a team
Advanced experience with vulnerability scanning tools and risk management reporting platforms
Experienced in leading cross functional teams (including offsite, remote and offshore) to consensus
Written and verbal communication skills in security assessment documentation
Has good organizational and interpersonal skills and broad experience in interacting successfully with both technical and non-technical people
Has sufficient knowledge and experience to adequately differentiate between vulnerabilities and false positives
Demonstrate knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
Vulnerability discovery and exploit creation
Prior programming experience
Experience with vulnerability management tools, Visio, JIRA
Quantitative risk assessment experience
Bachelor’s Degree in Information Systems, Business Administration or related discipline preferred but not required if candidate has equivalent work experience.