Senior Systems Assurance Analyst

This position monitors vulnerability data from various sources to stay current on critical exploitable vulnerabilities. The position would be required to make application of this knowledge to the KP environment and accurately determine if the new vulnerability should be prioritized for immediate action including customer facing escalation processes.

This position will administer, maintain, and mature Cybersecurity operatonal tooling including, but not limited to, vulnerability and configuration assessments. This role also develops requirements for complex security system solutions within assigned business domain(s) and identifies, defines, and mitigates complex issues, dependencies, and risks related to security testing.

This position investigates and provides response to partner and customer inquiries of findings helping to clarify technical findings details, address bugs in findings or identify and remediate false positives or false negatives.

• This position will administer, maintain, and mature Cybersecurity operatonal tooling including, but not limited to, vulnerability and configuration assessments. This role also develops requirements for complex security system solutions within assigned business domain(s) and identifies, defines, and mitigates complex issues, dependencies, and risks related to security testing.

• This position investigates and provides response to partner and customer inquiries of findings helping to clarify technical findings details, address bugs in findings or identify and remediate false positives or false negatives.

• This position reviews and provides QA of regular security reports from the assessment team and generating high level themes for executive reporting.

• This position will be current with key vulnerability intelligence resources and feeds to tracks and report on critical vulnerabilities. They would then overlay KP institutional and environmental knowledge to determine and act on required escalations.

• Completes work assignments and supports business-specific projects by applying expertise in subject area; supporting the development of work plans to meet business priorities and deadlines; ensuring team follows all procedures and policies; coordinating and assigning resources to accomplish priorities and deadlines; collaborating cross-functionally to make effective business decisions; solving complex problems; escalating high priority issues or risks, as appropriate; and recognizing and capitalizing on improvement opportunities.

• Practices self-development and promotes learning in others by proactively providing information, resources, advice, and expertise with coworkers and customers; building relationships with cross-functional stakeholders; influencing others through technical explanations and examples; adapting to competing demands and new responsibilities; listening and responding to, seeking, and addressing performance feedback; providing feedback to others and managers; creating and executing plans to capitalize on strengths and develop weaknesses; supporting team collaboration; and adapting to and learning from change, difficulties, and feedback.

• Effectively communicates investigative findings to non-technical audiences.

• Supports continuous process improvement by participating in the development, implementation, and maintenance of standardized security tools, templates, and processes across assigned business domain(s).

• Identifies and recommends additional data and/or services needed to address key business issues related to process or solutions design.

• Follows established processes to ensure KPI goals are obtained and performance metrics are tracked on an ongoing basis.

• Provides recommendations to management and business stakeholders on how to integrate security requirements with current systems and business processes across regions or domains.

• Identifies the impact of requirements on upstream and downstream solution components.

• Recommends business line or business technology team security process improvements which align with sustainable best practices, and the strategic and tactical goals of the business.

• Performs complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis.

• Generates scheduled reports (e.g., status updates, risk assessment reports, remediation reports) and provides regular security metrics to IT teams and management as appropriate.

• Validates security test scenarios across various SDLC phases (e.g., development, reproduction, production) for low- to moderately-complex projects.

• Determines testing scope and approach, and collaborates with cross-functional IT and business stakeholders for review and approval.

• Identifies, defines, and mitigates complex issues, dependencies, and risks related to security testing.

• Researches, keeps abreast of, and leverages industry trends, best practices, and cutting edge techniques to creatively discover and exploit vulnerabilities in technology systems.

• Develops and documents comprehensive business cases to assess the costs, benefits, ROI, and Total Cost of Ownership (TCO) of proposed solutions.

• Develops requirements for complex security system solutions within assigned business domain(s) by interfacing stakeholders and appropriate teams, and leading junior team members as appropriate.           

• Bachelor’s degree in Business Administration, Computer Science, Social Science, or related field and Minimum six (6) years experience in information security, network engineering, or system administration.

•  Additional equivalent work experiene of three years of work experience may be substitued for degree requirement, in addition to minimum years of experience (9 years total)

• Two (2) years performing security assessments.

• Minimum two (2) years in an informal leadership role working with project or technical teams.                                                                                        

• Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)

• Two (2) years experience working on cross-functional project teams

• Two (2) years experience working for a health care organization

• Two (2) years work experience requiring the development of technical documents or presentations.

• Two (2) years experience in large scale software implementations

• Two (2) years experience administering Qualys vulnerability and configuration assessments solutions.

• Two (2) years experience in IT risk management, governance, or compliance.

• Two (2) years experience in IT data analytics.

• Two (2) years experience in cyber security threat and/or vulnerability research.

• Two (2) years experience in software or systems programming and/or scripting.

• Two (2) years experience working with technical configuration testing methodologies.

• Two (2) years experience working in virtual testing environments.

• One (1) year experience in capacity planning and management.

• Master’s degree in Business Administration, Computer Science, Social Science or related field.

• CISSP certification.

• CISA certification.