Security Analyst - Vulnerability Management

Description

About Us:

EMCOR Group, Inc. (NYSE: EME) is a Fortune 500 company and a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services.

A provider of critical infrastructure systems. EMCOR gives life to new structures and sustains life in existing ones by it planning, installing, operating, maintaining, and protecting the sophisticated and dynamic systems that create facility environments. This includes electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems--in virtually every sector of the economy and for a diverse range of businesses, organizations and government. EMCOR represents a rare combination of broad reach with local execution, combining the strength of an industry leader with the knowledge and care of 170 locations.

Job Title: -- Security Analyst - Vulnerability Management

Job Summary: --The Vulnerability Management Security Analyst will assist in identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout EMCOR. This role performs assessments and identifies weaknesses in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. This includes enhancing the information security management framework, supporting the user lifecycle management process, and monitoring for internal and external threats.

Essential Duties and Responsibilities: --

• Implement, at management direction, and monitor a strategic, comprehensive enterprise information security management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization

• Assess and mitigate system security vulnerabilities and risks

• Create and maintain documentation for processes and procedures for vulnerability findings and their mitigations and remediations

• Assist in remediation and identifying mitigations of findings discovered during vulnerability assessments

• Collaborate closely with IT administrators, networking, and operations teams to implement effective security controls

• Cultivate close working relationships with IT administrators and management across a diverse organization

• Support authorized penetration testing on enterprise network assets

• Recommend the selection of cost-effective security controls to mitigate risk

• Maintain knowledge of system, OS, and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)

• Utilize manual testing techniques and methods, at management direction, to gain a better understanding of the environment and identify false negatives

• Ensure scan results are presented in appropriate dashboards, reports, and forwarded to external data systems

• Support the management of device, user, and application certificates (SSH, SSL Keys)

Qualifications: --

• Minimum three years hands on working experience with vulnerability scanning systems.

• Minimum three years hands on working experience with patch management systems for Windows and Linux systems

• Must be capable of delivering a very high level of customer service

• Experience with Microsoft Intune, SCCM, or other device management systems preferred but not required

• Experience working with Microsoft Active Directory and Entra ID

• Experience and/or thorough understanding in one or more of the following technologies/languages: Excel, SQL, PowerShell, Bash, and JSON

• Possess industry standard certifications (e.g., GIAC, CISSP, CISM) preferred but not required

• Experience in IT controls monitoring for regulatory and compliance requirements like CIS, NIST, CMMC, ISO 27001 & ISO 27002 preferred but not required

• Ability to effectively communicate, and professionally interact with personnel at all levels

• Must be capable of delivering a very high level of customer service

• Understanding of a variety of technical concepts with focus on hybrid computing architecture, automation, networking, systems administration, application security, and information security best practices

Accountability and Measurement

• Support and maintain EMCOR's Security Program.

Notice to prospective employees: There have been fraudulent postings and emails regarding job openings. EMCOR Group and its companies list open positions here (~~~=) . Please check our available positions to confirm that a post or email is genuine.

EMCOR Group and its companies do not reach out to individuals to help with marketing or other similar services. If an individual is contacted for services outside of EMCOR's normal application process - it is probably fraudulent.

We offer our employees a competitive salary and comprehensive benefits package and are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer/Veterans/Disabled.

#emcor

#LI-MJ1

#LI-Remote

Qualifications

Education

Required

• High School or better

Experience

Required

• 3 years: hands on working experience with patch management systems for Windows and Linux systems

• 3 years: hands on working experience with vulnerability scanning systems