IT Vulnerability Management Sr Analyst Information

Job Details

[The logo is protected from the company]

(0) (0)

Cliffs Natural Resources Inc.

Cliffs Natural Resources Inc. (NYSE: CLF) (Paris: CLF) is an international mining and natural resources company. * The largest producer of iron ore pellets in North America. * A major supplier of direct-shipping lump and fines iron ore out of Australia. * A significant producer of high and low volatile metallurgical coal. Driven by the core values of social, environmental and capital stewardship, Cliffs associates across the globe endeavor to provide all stakeholders operating and fi... Read More

Address	200 Public Sq # 3300, Cleveland, OH
Website	www.cliffsnaturalresources.com
Holding	No Holding Details

View Company Page

Apply to job

IT Vulnerability Management Sr Analyst

Description

This vulnerability management analyst evaluates and monitors information security related configurations, processes and controls across the company. This role researches, recommends and implements changes to enhance information systems security and monitoring capabilities. The incumbent will interface with low level technical resources as well as senior management and mine site resources.

This role leads small to large initiatives to enhance the security of the organization which is composed of over 1000 network devices supporting 5,000+ end users. This role will provide support to projects and work with project teams across many different technical disciplines and geographic locations.

This role will also identify and investigate anomalies and produces status reports and metrics reflecting the current state of security within the company. This may include performing forensic captures in accordance with defined procedures and chain of custody requirements.

This role will be responsible for tuning, monitoring and responding to a centralized Security Event Management system.

This role is the SME for Vulnerability Management and requires the individual to develop peers’ and junior staff members’ knowledge base. Specifically, this role will:

    * Responsible for the security event management process including monitoring, logging, alerting, auditing and reporting on threats, vulnerabilities and breaches. Determine the appropriate thresholds and monitor the environment for anomalous behavior using SEMS, VMS and IPS/IDS
    * Conducts reviews of security related device configurations (i.e. Firewall Rulesets, Router/Switch configurations etc…) to identify insecure or out of compliance configurations
    * Reviews security configurations and functionality of intranets, servers, applications, databases, and other relevant parts of the company’s infrastructure
    * Coordinates internal and external focused information security assessments to provide for an independent validation of the companies state of security. Track and communicate these assessment findings
    * Identify and produce metrics and scorecards that represent the current state of information security related vulnerabilities and mitigating controls
    * Acquires and maintains knowledge of current Cliffs Natural Resources standards, policies, procedures and audit requirements. Communicates with intra and inter-department team members as required, as well as members of Cliffs Natural Resources’ technical and project management teams
    * Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the companies applications or infrastructure and recommends mitigating controls to reduce the companies risk
    * Coordinates and executes pre-production vulnerability scanning (penetration testing) activities to identify weaknesses in applications prior to their turnover
    * Provides technical advice, guidance and assistance for e-discovery requests and investigations related to information security events. Assists with the documentation of such events
    * Maintain workable knowledge and understanding of information security, risk management and regulatory compliance topics. Maintains professional/technical currency of information security knowledge
    * Perform additional duties as directed by the Director of Information Security and GRC
    * Act as a back-up for other team members when required to do so

Education:

    * Bachelor’s Degree in a related field required from an accredited 4 year College
    * Certified Information Systems Security Professional (CISSP) designation or related designation preferred

Experience:

    * Demonstrated experience working on projects, training, designing process solutions, and directly interacting with customers
    * Ability to respond to emergency service calls at any time outside of normally assigned work hours
    * Knowledge and understanding of current information security techniques and technologies as well as the methods used in performing risk analyses and assessments. Experience with conducting comprehensive threat and risk assessments of IT systems, applications, and networks
    * Strong experience with vulnerability management toolsets, hacking toolsets and security event management systems
    * Experience with conducting security assessments and using hacking tools in a controlled corporate environment
    * Proven experience documenting systems configurations, processes and procedures
    * Ability to communicate with and understand the needs of non-technical constituents, both internal and external
    * Willingness to travel up to 10%, including international travel, and be flexible to work various hours to accommodate international business needs

    * Familiarity with the following technologies: authentication, authorization, privilege management, access control, firewalls, virtual private networking, and computer network defense, firewall and router configuration, switches, secure network architecture, VPNs, PKI, TCP/IP, IPSEC, SSL, SSH, VPN, Ethernet, SMTP, FTP, WAN, Radius, F5, Cisco PIX, XML, HTML, SNORT, Sniffer technologies, Windows 2000/NT, Solaris, AIX, HP-UX, Qualys, Linux, Checkpoint, MS Exchange, Active Directory, LDAP
    * 10+ years IT experience with several years of vulnerability management experienc preferred.

Other Job Information

Vacancy type:	Full Time	Contact Mode:	not provided
Fax:	216-694-4880	Contact Name:	not provided
Job Duration:	not provided	Phone:	216-694-5700
Email:	jessica.moran@cliffsnr.com