Career Opportunities with NYSTEC

A great place to work.


Current job opportunities are posted here as they become available.


Associate Vulnerability Analyst

Department: Corporate Information Security
Location: Rome, NY
Salary: $69385 - $95405

About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We’re independent and vendor-neutral, so we have our clients’ best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

About the Role:

As an associate vulnerability analyst, you will assist the deputy chief information security officer (CISO) in orchestrating all phases of the vulnerability management cycle to support NYSTEC’s information security initiatives. You will interface with staff and management across all levels of NYSTEC, as well as with external business partners, to ensure that NYSTEC’s business critical functions and systems are secure and in accordance with best practices.

You will also lead the development of standards, processes, and technical solutions to enhance the maturity of NYSTEC’s vulnerability program, with a focus on prioritizing vulnerabilities — using information about attack vectors — and establishing a vulnerability management program for both on-premises and cloud environments.

Key Responsibilities:

  • Lead the orchestration of all phases of the vulnerability management cycle, including asset identification and classification, vulnerability detection, remediation, verification, and reporting.

  • Implement mechanisms to detect vulnerabilities and determine how they may lead to corporate incidents, to enhance compliance with and support of security standards and procedures.

  • Work closely with members of the Information Systems Security Team and the IT Team to enhance and automate the prioritization and remediation of vulnerabilities.

  • Detect, analyze, interpret, evaluate, and integrate vulnerability data from multiple sources and formats for relevance to NYSTEC’s environment; monitor and provide metrics on the threat level of vulnerabilities to the systems, software, and networks.

  • Actively investigate and validate the latest security vulnerabilities, advisories (e.g., Microsoft, Oracle, VMware), and incidents and provide insights into relevance and threats to NYSTEC.

  • Plan, develop, configure, and execute vulnerability scans using tools such as Tenable-Nessus, Rapid7, and Qualys on a variety of corporate and business information systems, both on-premises and cloud based.

  • Assess potential threats and risks to systems and technologies, driving remediation with internal and external partners.

  • Identify attack surface reduction opportunities through vulnerability data analysis and threat models.

  • Work to build and scale security controls around vulnerability management as NYSTEC’s security program expands in a rapidly growing portfolio of new applications and products.

  • Assist in scaling and automating NYSTEC’s security infrastructure and developing technical standards and practices, such as integration with third-party systems, to automate workflows related to asset management, prioritization, and scanning coverage.

  • Proactively keep applicable members of management and leadership updated on risks, with relevant metrics articulating the progress on addressing them.

  • Supervise the approval, tracking, and reporting of any security exceptions as the need arises.

  • Maintain knowledge of the threat landscape.

  • Exercise a high degree of confidentiality.

  • Demonstrate the NYSTEC Core Values and Behaviors.

  • All other duties as assigned.

About you:

Required Qualifications

  • Knowledge of general cybersecurity concepts and methods, including but not limited to secure configuration management, data protection and privacy, security monitoring, incident response, governance, risk and compliance, patch management, enterprise security strategies, and architecture.

  • Understanding of various operating systems (Windows, Unix, macOS, etc.), cloud concepts (secure build images, cloud patching, etc.), and knowledge of networking fundamentals.

  • Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7), including the ability to architect, deploy, configure, and operate.

  • Ability to conduct root cause analyses against vulnerabilities and to determine feasible technical solutions.

  • Knowledge of vulnerability scoring systems (Common Vulnerability Scoring System/Common Misuse Scoring System [CVSS/CMSS]).

  • Exceptional project management skills.

  • Effective written and verbal communication skills, time-management skills, and the ability to prioritize tasks efficiently.

  • Understands NYSTEC’s mission, brand mindsets, and core values and can put the behaviors into practice.

  • To be considered for this role, candidates must be permanent residents of the state of New York.

  • Onsite work will be performed in Rome, NY.

Preferred/Desired Qualifications

  • CompTIA cybersecurity analyst certification (CySA+) or similar certification in information security, or the ability to obtain such within one year.

Education and Experience

  • Bachelor’s degree in cybersecurity or a similar discipline and two years of experience with security management frameworks (e.g., National Institute of Standards and Technology [NIST], SysAdmin, Audit, Network, and Security [SANS], Secure Controls Framework [SCS]).

  • An equivalent combination of education, training, and experience will be considered.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.
