Security Vulnerability Metrics and Data Analyst

Job expired!

Company Description

About us, in brief
Experian is the world's leading global information services company, leveraging the power of data to create more opportunities for consumers, businesses, and society. We are proud to announce that FORTUNE has recognized Experian as one of the 100 Best Companies to work for. And for the past five years, we have been listed among the 100 "World's Most Innovative Companies" by Forbes Magazine.

Job Description

What you'll be doing

We're seeking a Security Vulnerability Metrics & Data Analyst to join our Cloud and Application Attack Surface Management team. This unique role requires a profound understanding of security vulnerability data analysis techniques, as well the ability to design, implement, and manage security metrics and key performance indicators (KPIs). The chosen individual will play a crucial role in providing data-driven insights, contributing to our organization's security strategy and vulnerability management practices. The role involves establishing and maintaining regional and global reports in support of the Cloud and Application Attack Surface Management scope, embracing and integrating a threat-informed approach, and regularly carrying out analytical reviews aimed at enhancing Experian's Cloud and Application Attack Surface Management through intelligent, prioritized, and actionable transparency.

Responsibilities

  • The role is independent, responsible for driving the development of vulnerability management metrics, gathering feedback from senior leaders in the organization, and articulating metrics to senior leaders
  • Evaluate and define functional requirements for vulnerabilities, flaws, and misconfigurations metrics
  • Understand the end-to-end Cloud and Attack Surface Management metrics process including metrics collection, tracking, and reporting
  • Develop, maintain, and run advanced reporting, dashboards, scorecards and analytical results
  • Communicate metrics to system owners and business partners on vulnerabilities, issues, and concerns
  • Develop and automate vulnerability metrics with specific procedures for data collection, analysis, and charting, partnering with necessary teams accordingly
  • Determine requirements for technical solutions and tools to effectively implement Vulnerability Metrics
  • Map metrics back to strategic objectives to provide insight into the effectiveness and efficiency of Cloud and Attack Surface Management
  • Develop vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness
  • Develop program efficacy metrics to support platform stability and improvements
  • Review business and internal requests for new vulnerability management reporting, design the solution, and develop metrics
  • Work with stakeholders to identify risk-based vulnerability management metrics aligned with the security program and security risk management
  • Develop procedures to structure the metrics and reporting framework as part of a long-term strategy
  • Produce timely scoping documents outlining the requirements for business requests
  • Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting
  • Aggregate vulnerability data across technologies such as endpoints, servers, network equipment, and cloud, interpret and present risk.

Qualifications

What your background looks like

  • A four-year college degree or university degree in computer science or computer engineering, and/or 5 years equivalent work experience.
  • 5+ years of experience in Cyber Security/Information Security and Vulnerability Management reporting
  • Experience with tools like SQL, Tableau, MS Excel, etc.
  • Experience with collaboration tools such as JIRA, ServiceNow, Confluence, etc.
  • Understanding of end-to-end security metrics process including metrics collection, tracking, and reporting, including ownership and responsibilities for each activity.
  • Understanding of the Common Vulnerability Scoring System (CVSS), including the calculations and implications of base, temporal, and environmental scoring factors
  • Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources for the purpose of detailing results, analyzing findings, and providing sophisticated threat intelligence.
  • Familiarity with the architecture, engineering, and operations of one or more vulnerability management tools, such as Wiz, Qualys, Rapid7, and ServiceNow.
  • Ability to provide creative solutions to complex problems
  • Ability to clearly communicate the risk of vulnerabilities to all levels within an organization
  • Knowledge of major cloud platforms (AWS, Azure, or GCP)
  • Ability to manage, organize, analyze, and present large amounts of data
  • Experience with large-scale and complex environments
  • A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
  • Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management, and security and controls
  • Ability to communicate complex and technical issues to diverse audiences, both orally and in writing, in an easily understood and actionable manner

Personal Attributes

  • Excellent interpersonal skills and strong written and verbal communication skills
  • Proactive attitude, seeking opportunities for improvement that can positively impact the security posture and the business
  • Exceptional writing and documentation skills
  • Strong organizational skills with a proven ability to manage multiple high-visibility issues simultaneously
  • Able to communicate ideas in both technical and user-friendly language
  • Highly self-motivated and self-directed, with keen attention to detail
  • Able to prioritize and execute tasks in a high-pressure environment
  • Ability to work independently
  • Experience working in a team-oriented, collaborative environment
  • Willing to travel globally if required

Additional Information

Culture at Experian

We value your uniqueness.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a vibrant, inclusive, and diverse team where people enjoy their work and enjoy working together. We believe that diversity, equity, and inclusion is essential to our purpose of