Our Partners thrive The H-E-B Way. As a Vulnerability Management Analyst, you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
A Vulnerability Management Analyst at H-E-B must be able to demonstrate ability to install, manage and maintain vulnerability scanning technologies on-premise and in a cloud environments, as well as, the ability to manage the remediation of identified vulnerabilities through coordinating the efforts of teammates. The candidate will perform assessments of systems, software and networks within the environment and identify deviations from acceptable configurations or policies, measuring the effectiveness of H-E-B's defense-in-depth architecture against known vulnerabilities.
ROLE

• Detecting, analyzing, interpreting, evaluating, and integrating vulnerability data from multiple sources and formats for relevance to our environment; monitors and provides metrics on the threat level of vulnerabilities to the systems, software, and networks of H-E-B.
• Implements mechanisms to detect vulnerabilities and how they may lead to corporate incidents to enhance compliance with and support of security standards and procedures.
• Plans, develops, configures, and executes vulnerability scans using tools such as Tenable-Nessus, Rapid7, HCL AppScan on a wide variety of global corporate and business information systems both on-premise and cloud based.
• Actively investigates and validates the latest security vulnerabilities, advisories (e.g., Microsoft, Oracle, VMWare, et al), incidents, and provides insight to relevance and threat at H-E-B.
• Identifies attack surface reduction opportunities through vulnerability data analysis and threat models.
• Collaborates with other Digital teams to mature the vulnerability management program.
• Develop, test, and modify custom scripts for vulnerability content.

REQUIRED

• Minimum of 5 years' experience in security in an enterprise environment.
• Demonstrated experience supporting vulnerability scanning technologies and the vulnerability management process, including remediation planning, as an engineer.
• Experience with Windows, Linux, Mobile and networking environments, and their security configuration options.
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• Knowledgeable of authentication processes and protocols, services, PKI and token/certificate-based authentication, DNS, and AD structure.
• Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers, using appropriate language, examples, and tone.
• Demonstrated logical and structured approach to time management and task prioritization in support of teamwork goals.
• Demonstrated high level of communication skills, both verbal and written with collaborative mindset as a contributing team member.
• Proactively pursues professional growth in the areas of technology, business knowledge, and H-E-B policies and platforms.
• Strong analytical skills, documentation skills, and awareness of change management.
• Ability to handle highly confidential information in a strictly professional manner.
• Coordinate with other analysts and departments regarding system and network security when needed.
• Willingness to work outside of regular business hours, as required.
• Understanding of security frameworks such as PCI, HIPAA, GDPR, etc.

RECOMMENDED

• 2-3 years' experience in retail security operations
• One or more professional audit or security certifications such as Security+, Pentest+, CySa+ CEH, OSCP, CSA, GIAC, CASP, or CISSP (or equivalent experience).
• Experience with OIT, SCADA, and IOT vulnerability management
• Experience with AWS, GCP, or Azure cloud vulnerability management practices
• Programming/scripting knowledge for automating day to day tasks - Python/ Perl, Ruby
• Research mindset has a hold on where to look for relevant information pertaining to reported vulnerabilities.
• Experience working law enforcement on vulnerability analysis

*** Position locations open to San Antonio, Dallas, and Austin, TX areas
ISSEC3232