
Infrastructure Vulnerability Analyst

oconnorj
Joined: 12/06/2011

I am looking to find the right candidate for an Infrastructure Vulnerability Analyst opening. Please contact me at jo'connor@tiaa-cref.org if you are interested.

Infrastructure Vulnerability Analyst

This candidate will be primarily responsible for maintaining the security vulnerability and problem management process, including initial communication, ongoing status tracking, reporting to senior management and escalation where necessary. Metrics and status reporting will demonstrate overall security risk reduction and business benefit of this program.
Scope 
• Monitor security sources for vulnerability announcements and emerging threats that correspond to the software within the system inventory.
• Risk rank security vulnerabilities based on applicability to TIAA-CREF and key technical factors. 
• Establish time-frames for remediation of vulnerabilities based on risk ranking.
• Distribute vulnerability and remediation information to engineering and operations teams. 
• Manage a database of vulnerabilities that need to be addressed by the organization.
• Coordinate status updates with a large cross-functional team to ensure vulnerability remediation status is always up-to-date.
• Oversee and track vulnerability remediation progress.
• Deliver regular and ad-hoc reports and metrics to management.
• Collaborate with IT Asset Inventory teams to understand which operating systems and software applications are used within the organization.
• Collaborate with engineering and operations teams to document remediation plans, escalate challenges, and initiate exceptions where necessary.
• Work with security subject matter experts to understand and document vulnerabilities discovered or reported internally.
• Coordinate testing with security subject matter experts to verify vulnerability remediation.

• Bachelor's degree in information security, computer science, engineering, telecommunications, or related discipline.
• 5 years or more of related experience in Information Technology performing any of the following: technical project management, IT audit, information security engineering/consulting, or IT business analyst.
• Security certifications such as CISSP, GIAC, Security+ desirable.
• Broad knowledge of technology, such as operating systems (Windows, *NIX, Apple iOS), network devices (firewalls, routers, switches, load balancers, web proxy), databases (Oracle, MS SQL), and security tools (vulnerability scanning, patch management, network packet analyzers, anti-virus).
• Extensive knowledge of various vulnerability exploit, malware and phishing techniques. 
• Good understanding of industry best practice security baselines, standards and financial industry regulations (SOX, SAS-70, PCI).
• Ability to have good working relationships with outside vendors and to develop relationships with professional organizations, peer groups, and industry trade groups and conferences to stay current with technology.
• Excellent documentation skills.
• Understanding of security vulnerability management methodologies, remediation planning and prioritization.
• Knowledge of one or more risk assessment methodologies a plus.
• Experience with vulnerability assessment tools a plus.
• Knowledge of ethical hacking and penetration testing techniques a plus.