Security Analyst - Attack Surface Management
1 year ago
Job Posting Title
Security Analyst - Attack Surface Management
Pay Range
$92,703-$172,162
Summary
This is a hands-on position within the Global Information Security (GIS) team supporting a federated security model for vulnerability management. The person will perform vulnerability scanning and analysis, develop reports and dashboards that give stakeholders across the enterprise awareness of and accountability for vulnerabilities, and help prioritize and support remediation of vulnerabilities with the goal of improving company risk posture. We are looking for an enthusiastic person who has a firm grasp of vulnerability basics, experience with vulnerability management tools and their implementation, and an eye for detail and structure. If you have experience with penetration testing and/or web application testing, you would definitely score bonus points!
What You'll Do
· Execute daily operations of the Vulnerability Management program including scheduling and running ad hoc vulnerability scans across all Aristocrat business units from IP based to Web Application scanning.
· Interpreting the results of scanning and assisting in assigning appropriate severity levels to discovered vulnerabilities.
· Managing assets within Vulnerability Management tools to ensure currency within the asset life cycle.
· Assist in the identification of internal and external risks based on scanning results beyond vulnerability scanning, e.g., Remote Desktop Protocol open to the internet as a significant risk.
· Identify improvements to scan coverage.
· Coordinate with internal IT and geographically dispersed business units on vulnerability remediation and mitigation strategies.
· Assist in the documentation and standardization of processes and procedures related to Vulnerability Management program activities.
· Assist in PCI compliance scanning and providing reporting to interested parties.
· Coordinate with the GIS Security Operations Center (SOC) in the review of vulnerability data in support of incident investigation.
· Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.
What We're Looking For
· In-depth knowledge of architecture, engineering, and operations of one or more vulnerability management tools: Qualys, Tenable, Nessus, Rapid7 InsightVM, Splunk, ServiceNow, Jira.
· Solid understanding of the application of the following frameworks and how they are applied to identifying and rating risk: OWASP, SANS, NIST, CIS, and MITRE ATT&CK.
· Experience with a scripting language such as PowerShell, Bash, Perl, Python.
· Ability to provide creative solutions to complex problems.
· Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
· Knowledge of major cloud platforms (AWS, Azure, or GCP).
· Knowledge of systems hardening and other risk mitigation factors on multiple technologies and operating systems (Windows, Linux, Mac, routers, switches, Kubernetes).
· Certifications that could be helpful but are not required: CISSP, Security+, CEH, GIAC certifications.
Why Aristocrat?
Aristocrat is a world leader in gaming content and technology, and a top-tier publisher of free-to-play mobile games. We deliver great performance for our B2B customers and bring joy to the lives of the millions of people who love to play our casino and mobile games. And while we focus on fun, we never forget our responsibilities. We strive to lead the way in responsible gameplay, and to lift the bar in company governance, employee wellbeing and sustainability. We’re a diverse business united by shared values and an inspiring mission to bring joy to life through the power of play.
We aim to create an environment where individual differences are valued, and all employees have the opportunity to realize their potential. We welcome and encourage applications from all people regardless of age, gender, race, ethnicity, cultural background, disability status or LGBTQ+ identity. We offer a range of flexible working options through all.flex, our flexible hybrid work model and invite you to have a conversation with us about flexible working. EEO M/F/D/V
- World Leader in Gaming Entertainment
- Robust benefits package
- Global career opportunities
Our Values
- All about the Player
- Talent Unleashed
- Collective Brilliance
- Good Business Good Citizen
The US based roles may require registration with the Nevada Gaming Control Board (NGCB) and/or other gaming jurisdictions in which we operate.