Job Description : Job Description :
Job Description :
Cybersecurity Vulnerability and Patch Analyst
Job Summary :
The Vulnerability & Patch Analyst and Reporting (VPAR) analyst will be responsible for monitoring and analyzing vendor patch and vulnerability reports for relevance to the DXC environment, determining a DXC risk rating, and issuing a patch notification report to DXC internal system administration staff in order to direct patching efforts in compliance with DXC policy.
The VPAR analyst will also help to coordinate vulnerability scanning for the DXC environment and analyze the resulting vulnerability scanning date to determine the most critical vulnerabilities.
The VPAR analyst will then work with the system and network administration staff to direct the necessary mitigation activities to remediate those vulnerabilities as assigned.
The ideal candidate will be a collaborative team player and creative problem solver capable of leveraging threat and vulnerability feeds and analyzing intelligence to continuously adapt the vulnerability management program to relevant and current threats.
Ideally, the candidate will have experience with Qualys scan data and reporting tools as well as familiarity with reporting and trending analysis tools within ServiceNow.
Assist with the identification, prioritization, and remediation of web applications, software, and OS vulnerabilities
Communicate and report on status and metrics of security incidents and threat data to include newly released security patch information, available exploit data to various stakeholders.
Use in-depth research to inform and guide the company's remediation process.
Drive user community adoption of Vulnerability Management solutions and provide support via internal communications tools such as Workplace by Facebook.
Create and support internal solutions related to security vulnerability management and reporting.
Guide account security officers in the vulnerability resolution and remediation process when necessary.
Works closely with internal cybersecurity teams to identify pain points and recommend solutions.
Actively participate in team activities, to include recurring team meetings and process improvement discussions.
Education Required :
Bachelor's degree required, preferably in computer science, engineering or related area of study. The degree requirement may be waived if the candidate can illustrate through past work experience significant (5+ years) of particularly relevant cyber security experience.
Basic Technical Requirements :
Applicant should be able to illustrate and articulate the below technical and basic skills with an experience of two years or more in each.
3+ years of experience in some aspect of information security, with experience in threat and vulnerability management.
Ability to remain current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats.
In-depth Cyber and IT security knowledge.
In-depth understanding of Cyber and IT security risks, threats and prevention measures.
In-depth understanding of security standards and best practices.
In-depth understanding of networking and network security.
In-depth understanding of computer vulnerabilities, the threats they pose, and how they are remediated
Advanced knowledge and experience (2+ years) in working with a vulnerability scanning tool in a large enterprise environment.
Experience with interpreting a given patch or vulnerability and determining or verifying a relevant risk rating for a given environment.
Experience with generating a high-level report for executive consumption on the current vulnerabilities and their risk in a large enterprise.
Basic Skills :
Excellent interpersonal skills, and ability to leverage cross-functional teams and drive changes in a complex environment.
Strong oral and written communication skills.
Ability to create reports, both technical and high level, and walk both technical staff and executives through these reports.
Advanced knowledge and experience in the Microsoft Office suite to include writing reports in Word, developing presentations in PowerPoint and analyzing data in Excel.
Desired Technical Requirements :
Experience with data analysis and visualization tools preferred.
Familiarity with SQL queries
In-depth knowledge of Qlicksense / Qlickview.
Experience with ServiceNow or other ticketing systems.
In-depth knowledge of Qualys Scanner and associated report generation.
DXC Technology (NYSE : DXC) is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change.
Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries.
The company’s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions.
DXC Technology is recognized among the best corporate citizens globally. For more information, visit .