Vulnerability Assessment Analyst III

About this opportunity

This position is open to a remote opportunity within the U.K.

The primary responsibility of this role is to assess new and existing security vulnerabilities from internal and external sources, determine applicability, and document the impact and remediation strategy in a customer viewable format. The role will focus on multiple technologies including all of the major cloud hosting environments, Linux based servers and firmware, specialized hardware products, multiple coding languages, and multiple virtualization technologies. The successful candidate will have the ability to understand the technical aspects of security, assess the risk, and translate that into simple to understand language.

Job Description Summary

Conducts vulnerability assessments and security audits to identify cybersecurity risks and critical flaws within the company's networks, applications and operating systems. Tests company's internal systems to validate security and detect any computer and information security weaknesses. Performs a technical analysis of vulnerabilities and determines the impact to the organization. Reports, tracks and records findings in a comprehensive vulnerability assessment report. Identifies and recommends appropriate action to mitigate vulnerabilities and reduce potential impacts on cybersecurity resources.

What will you do

1. Review vulnerability scan reports
2. Monitor and assess external sources for new vulnerabilities
3. Assess the applicability of vulnerabilities in context
4. Determine the real impact of vulnerabilities
5. Document findings and disclosures for each vulnerability and publish them to customers
6. Negotiate with external researchers on disclosure timing
7. Monitor remediations and update documentation
8. Participate in Security Incidents regarding urgent vulnerabilities
9. Provide metrics and statistics

Skills you bring

Qualifications

Minimum Qualifications:

1. Five (5) years of experience required (can include indirectly related experience)
2. A team player
3. Ability to interpret and explain CVEs to technical and non-technical audiences
4. Working knowledge of hacking techniques
5. Working knowledge of programming
6. Working knowledge of risk evaluation
7. Experience with the MS Office suite
8. Excellent written and verbal communication skills
9. Ability to react to changing priorities quickly and effectively
10. High school diploma, GED, and/or equivalent professional experience

Preferred Qualifications:

1. Experience evaluating security risk in context of the production environment
2. Experience with Jira
3. Experience communicating directly to customers
4. Experience with at least one of these languages: Python, Go, Java, or C
5. Experience with scan reports from Snyk, Qualys, Crowdstrike, Inspector, Vdoo, or Binwalk
6. Experience working remotely across many time zones and cultures
7. Security certifications such as CISSP, CRISC, AWS SCS, etc.
8. Ability to work flexible hours

Why join Ericsson?

At Ericsson, you'll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what's possible. To build solutions never seen before to some of the world's toughest problems. You'll be challenged, but you won't be alone. You'll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.

What happens once you apply?

Click Here to find all you need to know about what our typical hiring process looks like.

Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more.

Primary country and city: United Kingdom (GB) London

Req ID:762289