Senior Cloud Vulnerability Management and Configuration Assurance Analyst
Cyber Technology Assurance
Enterprise Cyber Security
This role participates in the reduction of risk to computing assets through the identification, assessment, and reporting of vulnerabilities and blending technical and security expertise to harden and define approved security configurations for various platforms, both on-prem and in the cloud. The role is responsible for analyzing the data generated by the vulnerability scanning solutions, coordination with external collaborators regarding their patching program, effectiveness, and completion of day-to-day tasks associated with the Vulnerability Management Program. This role is perfect for a great teammate with strong vulnerability management and secure baseline experience, curiosity, and communication skills. The ideal candidate is a validated analytical person, adept at making good decisions, comfortable with multi-functional and distributed teams, and flexible with changing priorities.
This is a Senior Information Security Consultant position within the Enterprise Cyber Security organization. The Cyber Technology Assurance organization requires expertise in the vulnerability management lifecycle and configuration assurance (e.g., secure baselines) for assets in the cloud environment.
Leverage security assessment tools and processes to identify, risk assess, prioritize, and report security vulnerabilities and configuration weaknesses to MassMutual’s cyber assets ensuring timely and risk-based mitigation.
Review security vulnerabilities and configuration defects across a variety of technologies and environments to drive remediation of critical/high risk vulnerabilities to MassMutual’s cyber assets.
Work in a dynamic cross-functional environment – partnering with technology and security teams to align practices and tools, leveraging automation where possible to execute identification, notification, and mitigation of cyber assets weaknesses and defects.
Drive creative problem-solving and streamline established processes.
Establish baselines for security configurations of various platforms including on-prem and cloud (e.g., AWS and Azure) based on industry standards, vendor recommendations, and inputs from platform SMEs.
Monitor for security misconfigurations – ensuring accurate and timely identification, risk-based reporting, and escalation.
Use risk-based approach to prioritize security findings and recommending mitigation solutions to stakeholders.
Ensure compliance with established standards, policies, and configuration guidelines.
Coordinate with Security Engineering Endpoint team to tune scanning tools to improve visibility and to meet additional security objectives.
Leverage reporting tools to demonstrate the overall risk through metrics (KPIs, KRIs, OKRs) of vulnerabilities and configuration defects to MassMutual’s cyber assets for various team leaders and executive leadership for risk prioritization and enablement of risk-based decision-making.
Focus on continuous process improvement and identify opportunities for automation.
Continuously evaluate the technology and risk landscape to identify best practice configurations, tools, and process improvement.
The Minimum Qualifications:
Minimum of 5 years expertise in cybersecurity with a focus on vulnerability and configuration management tools and disciplines in cloud security.
BA/BS in Computer Science, Management Information Systems, Engineering or related field, or equivalent work experience in Information Security.
Clear understanding of various operating systems (Windows, Unix, etc.,), secure configuration and build images.
Clear understanding and knowledge of vulnerability analysis and securing baselines.
Knowledge of cybersecurity concepts and methods including, but not limited to secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies and architecture
Knowledge of development operations (DevOps) and the CICD pipeline, asset discovery and asset management systems.
The Ideal Qualifications:
Effective communication skills including the use of technical and concise language with various security teams, business leaders, and management.
Able to translate complex technical issues into simple, easy to understand concepts.
Experience with risk controls and interacting with internal/external audit.
What to Expect as Part of MassMutual and the Team
Regular meetings with the Cyber Technology Assurance Team
Focused one-on-one meetings with your manager
Access to mentorship opportunities
Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQ, veteran and disability-focused Business Resource Groups
Access to learning content on Degreed and other informational platforms
Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefits
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.
If you need an accommodation to complete the application process, please contact us (*****) and share the specifics of the assistance you need.
At MassMutual, we focus on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. For more information about our extensive benefits offerings please check out our Total Rewards at a Glance. (http://www.massmutual.com/global/media/shared/doc/employee_benefits.pdf)