Our Ability Jobs

Job Information

Garmin Cyber Security Vulnerability Analyst in Olathe, Kansas

We are looking for a full-time Cyber Security Vulnerability Analyst for our headquarters in Olathe, KS. \n\nPOSITION SUMMARY: \n\nThis role will operate independently to perform vulnerability scanning and assessments to support the identification, analysis, and remediation of risk to networks, operating systems, applications, and other information system components. Responsible for reviewing and assessing automated tools, threat feeds, and disclosure programs to determine and classify vulnerabilities and work with stakeholders to formulate remediation timelines and plans. Tasked to formulate remediation plans based on experience and available data on Garmin risks.\n\nESSENTIAL FUNCTIONS:\n\n\n\tIndependently analyzes results from internal and external vulnerability scans and charged with using experience and skills to prioritize risk-based remediation plans. \n\tAuthorized to formulate remediation plans and timelines following vulnerability scans using input from system owners.\n\tAutonomously analyzes and implements optimal settings and configurations to perform vulnerability scans of networks, operating systems, applications, containers, cloud resources, and other information systems. \n\tSets proper scan time frames to avoid service interruption, ensuring complete and accurate results are achieved.\n\tEstablish strong relationships with business stakeholders to facilitate prioritization and timely remediation.\n\tWorks independently to prepare remediation and mitigation actions using all available information to ensure the appropriate steps are implemented by stakeholders across all business segments.\n\tEstablishes and creates vulnerability documentation mitigations, and remediations. \n\tDevelops metrics and timelines in support of the monitoring of vulnerability management program health.\n\tWorks with Cyber Security, System Administration, and System Owners to establish vulnerability mitigations and plans of action.\n\tDevelops, creates, and provides reports of vulnerability scan results that are in a consumable and consistent format. Determines the level of information and detail to provide with an eye towards intended audience.\n\tTracks vulnerability mitigations and results over time. Independently builds performance metrics that provide advanced and detailed views of remediation performance.\n\tHelps establish, and tracks compliance with vulnerability management policies, standards, and procedures.\n\tEnsures that external vulnerability disclosures are assigned to the proper teams and facilitates communications with vulnerability reporters and finders.\n\tAnalyze compliance requirements and develop scanning plans and procedures to test and report on results. Build and provide compliance team with customized vulnerability and scanning procedures in support of compliance efforts.\n\tPerforms system administration activities on vulnerability management systems and applications.\n\tCommunicates in written and verbal form effectively in a large team or departmental setting.\n\tDemonstrates proficient use and knowledge of standards and procedures.\n\tPerform other duties as necessary\n EDUCATION EXPERIENCE AND SKILLS REQUIRED:\n\n\n\tBachelor of Science Degree in Computer Science, Information Technology, Management Information Systems, or another relevant field AND a minimum of 5 years IT Security experience OR a Master of Science Degree in one of the fields noted above AND a minimum of 3 years relevant experience OR equivalent combination of education and experience. \n\tPossess analytical skills and a strong ability to maintain composure and remain diplomatic under highly stressful situations \n\tFamiliarity with Common Vulnerability Scoring System CVSS framework, National Vulnerability Database (NVD).\n\tStrong multitasking skills to be able to effectively manage multiple activities, including cross-team dependent activities simultaneously.\n\tDemonstrated effective verbal, written, and interpersonal communication skills.\n\tConsistently demonstrates quality and effectiveness in work documentation and organization.\n\tDemonstrated ability to exercise strong and effective verbal, written, and interpersonal communication skills in a small team setting.\n\tMust be team-oriented, possess a positive attitude, and work well with others.\n\tFamiliarity with defensive security techniques and implementation of mitigating security controls\n\n\nDESIRABLE QUALIFICATIONS:\n\n\n\tWorking experience with automated vulnerability scanning tools, including implementation, configuration, maintenance.\n\tInformation security-related experience, in areas such as security operations, incident analysis, incident handling, system patching, and endpoint protection.\n\tExperience with vulnerability scanning in cloud-based environments, including security posture management.\n\tFamiliarity with container vulnerability scanning and processes.\n\tAbility to work in a fast-paced, dynamic environment\n\tSecurity certifications (GCIH, GCED, CISSP)\n\tExperience with NIST 800-53 and/or NIST Cyber Security Framework (CSF)\n\tExperience with information and event management (SIEM) Platforms\n\tExperience with BI tools for data analytic reporting and KPIs.\n\tAPI usage and data manipulation\n\tSystem administration experience: Windows and Linux/Unix Scripting OR development experience (Python, JavaScript, PowerShell, C#, Perl)\n\n\nGarmin International is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran’s status, age or disability.\n