Security Analyst

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Nexxora Inc., is seeking the following. Apply via Dice today!

Security Analyst Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei

ROLE LOCATION(S) Onshore, SI Office: Alpharetta, GA; Charlotte, NC; Chicago, IL; Conshohocken, PA; Dallas, TX; Denver, CO; Fargo, ND; Garden City, NY; Houston, TX; Lenexa, KS; Lubbock, TX; Morristown, NJ; Mt Juliet, TN; New York, NY; Purchase, NY; Topeka, KS

Hybrid

Role Summary

The Security Analyst is responsible for independently managing third-party vulnerability data sources, executing scans using proprietary Client tools, and collaborating with IT teams to prioritize mitigation efforts. The role involves leveraging vulnerability management tools to generate metrics and reports that track progress and effectiveness. Additionally, the Security Analyst may contribute to reviewing project scopes to recommend security benchmarks, optimizing security tool alerts and policies, and integrating logs and large data sets into existing systems.

Role Responsibilities

• Analyze vulnerabilities from various sources and input them into the vulnerability management tool using approved methods to ensure a complete overview of exposures.
• Evaluate existing vulnerabilities to find problem areas or opportunities for mass-mitigation.
• Communicate with other teams to explain the opportunities or needs.
• Escalate vulnerabilities that have breached our time-to-resolve limits.
• Configure scanning tools and manage scan schedules.
• Collect a set of metrics and KPIs for our departmental use.
• Consider opportunities for AI to improve all of the above.
  
  

TECHNICAL QUALIFICATIONS:

• Strong familiarity and prior experience with:
• HTTP, PKI and signatures/encryption, SMTP, DNS, CWEs, CVEs, and other frameworks.
• Nessus, NMAP, ZAP, BurpSuite, Invicti, Nuclei or other scanning tools.
• Web application scanning and web application firewalls.
• Containers.
• CIS benchmarks, STIGs, or other security hardening standards.
  
  

Additional desirable skills or experience:

• SAML, Kerberos, OAuth, OIDC, LDAP.
• Powershell and Python.
• Jenkins.
• Splunk data onboarding indexes, sourcetypes, data models, forwarders, apps, HECs.
• Azure event hubs, Kafka, syslog.
• Sentinel, Defender, Crowdstrike, or other EDRs.
  
  

GENERAL QUALIFICATIONS:

• Able to research independently using available sources, collect data, then document a clear plan of action,
• Systematic thinking and troubleshooting.
• Able to create clear and detailed documentation of designs and processes for a diverse technical audience.
• Provide clear and concise communication of requirements, priorities, and status.
  
  

Education Requirements

• Bachelor s Degree in Information Technology or related field is considered a plus, not mandatory.