Crypto.com
Crypto.com

Vulnerability Management Analyst - Cyber Security

Skill
Location
Vietnam
level
Level
Middle
working mode
Mode
Hybrid
working type
Type
Full-time
language
'
Language
English

Job Description

Posted on:
October 18, 2023

The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more.


The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.


Crypto.com is seeking experienced Vulnerability Management & Configuration Management analysts to join our high-performing and agile team. This role has the direct responsibility for supporting the Vulnerability Management, Security Patching and Configuration Management program.


The Vulnerability Management Analyst will perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The role will execute on the security patching strategy, which includes testing the security patches on various operating systems (Windows, Linux, MacOS) and deploying the security patches to the respective endpoints; as well as measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Responsibilities

  • Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests
  • Review and triage vulnerability alerts into manageable reports for other analysts and management to review
  • Assist in asset management and vulnerability data-enrichment processes
  • Manage vulnerability and configuration scanning tools, like setting up vulnerability scanners, scheduling scans, tuning scanning profiles, etc.
  • Prepare security patch bundles and perform testing on those security patches for various types of endpoints (Windows, Linux, MacOS).Implement security patching on various types of endpoints (Windows, Linux, MacOS) and servers.
  • Use asset risk profiles, vulnerability severity ratings, and threat information to communicate priorities for remediating vulnerabilities
  • Provide stakeholders with advice and assistance in identifying false positives and cost-effective vulnerability remediation or mitigation solutions
  • Develop security documentation under the guidance of the Vulnerability Management & Configuration Management Lead
  • Assist in automated or manual patching remediation processes
  • Provide support and input for assessing risks associated with unmitigated vulnerabilities and configuration weaknesses.
  • Support asset management initiatives by assisting with asset identification, classification and ownership.
  • Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs
  • Deliver and designing key vulnerability reporting metrics and KRIs
  • Automate integration points with CMDB and other data-enrichment systems

Requirements

  • 3+ years of experience working in information security
  • 2+ years of experience in vulnerability assessment & remediation
  • Knowledge of common security framework like CIS, NIST, etc.
  • Able to articulate how vulnerabilities translates to cyber-risks
  • Experience conducting security risk assessments
  • Experience of using vulnerability management tools like Tenable, Qualyst, InsightVM, Tripwire CCM , etc.
  • Cloud experience (AWS, Azure and/or GCP) is required.
  • Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred.
  • Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus.
  • High work ethic and sense of ownership for the delivered results.
  • Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required.

#LI-MK1

#Hybrid


Life @ Crypto.com

Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.

Transformational and proactive working environment. Elevate employees to find thoughtful and innovative solutions.

Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.

Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.

One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet.


Are you ready to kickstart your future with us?

Benefits

Competitive salary

Medical insurance package with extended coverage to dependents

Attractive annual leave entitlement including: birthday, work anniversary

Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up

Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope.

Work Perks: crypto.com visa card provided upon joining

Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team.

About Crypto.com :

Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.

Learn more at https://crypto.com.

Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.

Personal data provided by applicants will be used for recruitment purposes only.

Please note that only shortlisted candidates will be contacted.

Report job


deadline
Deadline
salary
Salary
Negotiable
job function
Job function
Analyst
industry
Industry
Financial Services
Skill
Skill
CIS, NIST, etc., The Cybersecurity and Data Privacy team reports directly under the office of the CISO headed by Chief Information Security Officer (CISO) Jason Lau (https://www.linkedin.com/in/jasonciso/) who has over 23+ years of experience in the cybersecurity space, awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more. The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” – the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark. Crypto.com is seeking experienced Vulnerability Management & Configuration Management analysts to join our high-performing and agile team. This role has the direct responsibility for supporting the Vulnerability Management, Security Patching and Configuration Management program. The Vulnerability Management Analyst will perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The role will execute on the security patching strategy, which includes testing the security patches on various operating systems (Windows, Linux, MacOS) and deploying the security patches to the respective endpoints; as well as measure effectiveness of defense-in-depth architecture against known vulnerabilities. Responsibilities Assist in the analysis and remediation of findings discovered during scheduled internal and third party vulnerability scans and penetration tests Review and triage vulnerability alerts into manageable reports for other analysts and management to review Assist in asset management and vulnerability data-enrichment processes Manage vulnerability and configuration scanning tools, like setting up vulnerability scanners, scheduling scans, tuning scanning profiles, etc. Prepare security patch bundles and perform testing on those security patches for various types of endpoints (Windows, Linux, MacOS).Implement security patching on various types of endpoints (Windows, Linux, MacOS) and servers. Use asset risk profiles, vulnerability severity ratings, and threat information to communicate priorities for remediating vulnerabilities Provide stakeholders with advice and assistance in identifying false positives and cost-effective vulnerability remediation or mitigation solutions Develop security documentation under the guidance of the Vulnerability Management & Configuration Management Lead Assist in automated or manual patching remediation processes Provide support and input for assessing risks associated with unmitigated vulnerabilities and configuration weaknesses. Support asset management initiatives by assisting with asset identification, classification and ownership. Collaborate closely with the security compliance team to acquire the compliance and regulation requirements and ensure the program fulfill their needs Deliver and designing key vulnerability reporting metrics and KRIs Automate integration points with CMDB and other data-enrichment systems Requirements 3+ years of experience working in information security 2+ years of experience in vulnerability assessment & remediation Knowledge of common security framework like CIS, NIST, etc. Able to articulate how vulnerabilities translates to cyber-risks Experience conducting security risk assessments Experience of using vulnerability management tools like Tenable, Qualyst, InsightVM, Tripwire CCM , etc. Cloud experience (AWS, Azure and/or GCP) is required. Proficiency in a scripting language like Python, Ruby, PowerShell, or Bash is preferred. Information Security certifications (CISSP, SANS GIAC, Security+, etc.) a plus. High work ethic and sense of ownership for the delivered results. Excellent communication skills in English (spoken & written) and comfort communicating security risks and controls to technical and non-technical partners required. #LI-MK1 #Hybrid Life @ Crypto.com Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team. Transformational and proactive working environment. Elevate employees to find thoughtful and innovative solutions. Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth. Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another. One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet. Are you ready to kickstart your future with us? Benefits Competitive salary Medical insurance package with extended coverage to dependents Attractive annual leave entitlement including: birthday, work anniversary Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope. Work Perks: crypto.com visa card provided upon joining Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team. About Crypto.com : Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem. Learn more at https://crypto.com. Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team. Personal data provided by applicants will be used for recruitment purposes only. Please note that only shortlisted candidates will be contacted., Tenable, Qualyst, InsightVM, Tripwire CCM ,, Cloud experience (AWS, Azure and/or GCP) , scripting language like Python, Ruby, PowerShell, or Bash
hiring number
Hiring number
exp
Experience
3
Years
contract duration
Contract duration
Months
Apply
Apply now
Please let Vremote know that you found this position on our job board, as that is a great way to support us, so we can keep posting cool jobs every day.
Apply Now
Crypto.com
About
Crypto.com
View Company

More job openings

All jobs