Principal Security Risk Analyst

When you join Verizon

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

The Principal-Security Risk Management officer is the lead security resource supporting VES Business unit and Public Sector Continuous Monitoring efforts and is responsible for Vulnerability assessment and compliance of Verizon public sector Information Technology (IT) system. This position is responsible to lead and perform vulnerability scans using industry standard tools to support and ensure the implementation and maintenance of security controls in accordance with the Federal Information Security Management Act (FISMA), FedRAMP, CJIS, NIST Risk Management Framework, and Center for Information Security (CIS Security) and other relevant Government policies. The position will also be responsible for the development, configuration and maintenance of the scanning infrastructure, ensuring boundary security policies and procedures meet compliance requirements from stakeholders supporting the environment. Additionally, this position leads the change management coordination for the Public Sector organization and is responsible for risk evaluation and communication with legal and executive management.

• Lead efforts in installation, configuration and execution of vulnerability and compliance assessments tools including Tenable products like Security Center, Nessus, Nessus Agents and other application assessment tools like Trustwave App detective and Fortify WebInspect dynamic and static code analysis.
• Lead member to execute vulnerability and compliance scans, perform assessments autonomously with little supervision.
• Ensure scan results are accurate and coordinate authentication and scan failure issues with internal stakeholders.
• Maintain and ensure scan asset inventory matches the defined security boundary of the project.
• Develop and lead the automation effort including creation of scripts and dashboards to reflect key data required for decision making by senior management.
• Track software updates provided by the vendor and upgrade of all vulnerability assessment and compliance tools to ensure all systems managed by the team are secure.
• Review and maintain the documentation including methods and procedures for each of the security boundaries and the scan infrastructure managed by the team.
• Support as a participating member on Verizon’s internal security teams to influence CPI 810 and drive corporate security solutions into the business units and an understanding of external technical bodies and the ability to interpret and influence those entities.
• Interact and coordinate with senior management and executives to provide high level status in regards to the vulnerability status of security boundaries managed by the team.
• Complex compliance audits and vulnerability plugins should be validated and tested to ensure accuracy of the vulnerability scan results.
• Communicate with the third party vendors in regards to issues with the scanning tools to ensure issues identified during the scanning process are troubleshooted and resolved.

Where you'll be working:

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You'll need to have:

• Bachelor’s degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience and in depth knowledge with at least two of the following tools: Tenable-Nessus, Nessus Agents and Tenable.SC, AppDetective, WebInspect. Fortify static code analysis and Blackduck.
• Experience in information security.

Even better if you have one or more of the following:

• Master’s degree.
• Five or more years of experience in system administration of Linux and Windows operating systems.
• Five or more years of experience in developing or leading an automation project.
• Two or more years of experience scripting and programming languages.
• Two or more years of experience in penetration testing.
• Knowledge of TCP/IP, subnetting, network concepts and troubleshooting.
• Knowledge of scripting and programming languages.
• Ability to work independently with little supervision.
• Network and Information Security Degree/Certification.
• Public Sector and Gov Cyber Security focused experience.
• UNIX/Linux and Windows server administration skills.
• AWS Cloud certifications and basic exposure to cloud platforms.
• Experience with business analysis tools - preferably Qlik Sense.
• Ability to recognize critical elements of successful operations.
• Experience or certification in CISSP, CEH, OSCP, CCNA.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

Verizon requires new hires to be fully vaccinated against COVID-19. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical, religious, or state law recognized reasons).