Apply Now    

Vulnerability Analyst II - Security Operations Center

  • Country:US
  • State:TX
  • Category:Product Services
  • Required Education:High School Diploma/GED
  • Position Type:Professional
  • Employment Type:Full-Time
  • Contract Type:Regular
  • Req ID:133141BR
View Full Description
Job Description

Empowered. Innovative. Inspiring. Creative. Intense. These are all words we use to describe life at IBM.

At IBM, creating innovative IT solutions for global companies is only the beginning. Our clients need to ensure that their world-class systems not only meet business requirements, but are secure and reliable. That is where you come in.

Vulnerability Analyst II’s are responsible for identifying, reporting and tracking system vulnerabilities within corporate, commercial and federal assets ensuring the integrity of the environment. Daily activities include:
  • Operation of various scanning tools in use
  • Assessment and analysis data collected from scan tools
  • Tracking and reporting on discovered vulnerabilities and remediation efforts
  • Identification of overdue system remediation efforts
  • Sourcing and tracking of public and pre-embargoed vulnerability disclosure sources.
  • Analysis and reporting of all applicable publicly disclosed zero-day vulnerabilities.
  • Coordination with system owners to identify and remediate scan problems
  • Coordination with system owners to provide requested details about scan findings, scan methodologies and remediation recommendations
  • Assisting Program Managers with reporting and continuous motion on remediation efforts
  • Monitor a strategic, comprehensive corporate, commercial and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
  • Daily security activities related to the protection of corporate and other federal assets including scanning tools and ticketing systems documenting the identification and remediation process for identified system flaws
  • Provide information to system owners of flaws identified within that group’s responsible systems.
  • Ensure that IBM Cloud is in compliance with all applicable Federal, IBM Internal and industry standard directives and policies regarding securing and monitoring of information systems
  • Assist in risk assessment duties including reporting and oversight of remediation efforts
  • Enterprise-level experience managing the remediation of vulnerabilities in two or more of the following areas:
    • Server Operating Systems (Windows Server, Red Hat, CentOS)
    • Network (Cisco, Palo Alto, F5, McAfee)
    • Storage (NetApp, CleverSafe)
  • Manage multiple projects with various priority levels and time lines from start to finish
  • Develop and maintain accurate documentation for internal procedures and services
  • Maintain knowledge of outstanding vulnerability management issues and ensure remediation timelines are completed by required guidelines
  • Thorough understanding of how to calculate CVSS v2 and v3 adjusted scores
  • Must collaborate with other departments to resolve complex issues and be detail oriented
  • Ability to automate solutions to repetitive problems/tasks


Required Technical and Professional Expertise

  • 2+ years of information security experience OR 3+ years of applicable experience with Linux/UNIX systems in a production environment OR other relevant experience.
  • Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices preferred
  • Knowledge of generic information security standards/programs
  • Understanding of basic network concepts, familiarity with TCP/IP and VLAN functionality
  • Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
  • High degree of initiative and ability to work with little supervision
  • Capability to maintain highly detailed documentation and ticketing

Preferred Tech and Prof Experience


  • Experience with the common tools associated with penetration testing (Metasploit, Burp Suite, Kali etc.)
  • Ability to effectively code in a scripting language (Python, Perl, etc.)
  • Degree in computer science or other technical discipline is preferred
  • Possession of industry certifications highly preferred. Including, but not limited to, Security+, Linux+, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC) or ability to obtain after hire

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Preferred Education: Bachelor's Degree Commissionable: No
Apply Now    
Link for schema

Share this job