Our story starts with a simple universal truth: Every business is a people business. Our people are our greatest assets at Alight Solutions because People Matter! We strive for Excellence Every Day by collaborating with our clients and colleagues. At Alight, we Think Forward and we Act Now to shape the future of work and life for organizations, people and their families! Alight has 25 years of industry experience. Our success is fueled by the expertise of our people, and the strength of our proprietary and partner technology. Come join the leading technology-enabled HR and benefits service provider. Be Real with Alight and help us reimagine how people and organizations thrive.
The Senior Vulnerability and Risk Analyst will assist with day-to-day operations related to vulnerability and threat management: identification, remediation, mitigation, and reporting. The Vulnerability Management function is focused on providing continuous vulnerability assessment of systems and infrastructure in use by Alight. In addition, the Vulnerability Management team works directly with various operations groups to provide prioritization and consulting around potential mitigation and remediation related to identified vulnerabilities.
As a Senior Vulnerability and Risk Analyst, a typical day will include the following:
- Manage the enterprise vulnerability assessment program, which will include conducting regular patch & configuration vulnerability assessments against core infrastructure via commercial scanning tools (e.g. Rapid7, Nessus, Qualys, etc.);
- Research & evaluate threats and vulnerabilities to assist in prioritization of remediation actions;
- Investigation of conflicting compliance reports (failed patches, patch supersedence, failed GPO application, etc);
- Monitor for compliance & drift against corporate security standards;
- Provide real-time decision making for ongoing information security incidents as they occur;
- Maintain current knowledge of all Alight configuration security baselines and patch standards;
- Optimize and ensure the continued & effective operation of the information security control process life-cycle, including release dates, severity patch timelines, burn-in cycles, & corporate infrastructure freezes;
- Partner with currency teams and application owners to ensure remediation of identified vulnerabilities occurs within noted SLAs and in adherence with corporate change control policies;
- Ensure proper system owners are filing exceptions, when required;
- Develop and maintain methods to validate identified vulnerabilities are resolved;
- Develop escalation procedures for all vulnerabilities not remediated within set guidelines;
- Creation of metrics highlighting current infrastructure compliance ratings;
- Creation of compliance trending reports;
- Develop and deliver communications to senior management regarding strategic security risks and threats;
- Partner with appropriate groups to help ensure all system information is current and accurate in CMDB;
- Develop reports highlighting current "at risk" asset groups;
- Provide consultative services to department management and IT project teams to help raise awareness of Information Security issues and concerns affecting Alight;
- Provide mentoring, oversight, and guidance to less experienced team members;
- Bachelor's degree or international equivalent or equivalent work experience;
- 3+ years working within an information security-related discipline
- 2+ years technical operations providing system/platform support
- 2+ years' experience in one of the following:
- Network operations or engineering
- System administration on Unix, Linux, or Windows
- SOC/CIRT team lead
- 3+ years working in Offensive Security (penetration testing/vulnerability scanning)
- Working knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments;
- Knowledge and experience with physical and virtual server configurations and implementations;
- Experience with configuration management, change control processes, problem determination, root cause analysis, risk assessment, & exception management;
- Working knowledge of CIS Baselines, NIST, vendor security guidelines, etc.;
- Working knowledge of both Windows and *nix based operating systems;
- Advanced knowledge of elements of information technology stack (i.e. network, operating system, sub-system, display/application) and inter-relationships between the various functional components;
- Experience in overseeing the implementation, maintenance and compliance with government/industry information security regulations/frameworks (SOX, FDIC, FFIEC, NIST, and ISO);
- Experience using and supporting commercial vulnerability and compliance scanning products (e.g. Qualys, Rapid7, Foundstone, nCircle, Nessus);
- Manage multiple priorities, requests and tasks with minimal supervision
- Industry certifications such as GIAC (specifically GPEN, GXPEN), OSCP preferred.
- By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight's employment policies. Background checks may include some or all of the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position.
At Alight, we believe that diversity should be visible, valued, and sustained throughout the organization. Alight provides equal treatment and employment opportunities to all employees and applicants for employment without regard to any protected status or other protected characteristic.
Alight does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, we take affirmative action to employ and advance in employment qualified minorities, women, disabled persons, disabled veterans and other covered veterans.
Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities, sincerely held religious beliefs, practices and observances, unless doing so would result in an undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter.
We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.
Nothing in this job description restricts management's right to assign or reassign duties and responsibilities of this job to other entities, including but not limited to subsidiaries, partners, or purchasers of Alight business units.
Alight Solutions provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, pregnancy, childbirth or related medical condition, veteran, marital, parental, citizenship, or domestic partner status, or any other status protected by applicable national, federal, state or local law. Alight Solutions is committed to a diverse workforce and is an affirmative action employer.