Security Analyst - Vulnerability Management
Phoenix, AZ, United States
Description
About Us:
EMCOR Group, Inc. (NYSE: EME) is a Fortune 500 company and a leader in mechanical and electrical construction, industrial and energy infrastructure, and building services.
A provider of critical infrastructure systems. EMCOR gives life to new structures and sustains life in existing ones by it planning, installing, operating, maintaining, and protecting the sophisticated and dynamic systems that create facility environments. This includes electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems--in virtually every sector of the economy and for a diverse range of businesses, organizations and government. EMCOR represents a rare combination of broad reach with local execution, combining the strength of an industry leader with the knowledge and care of 170 locations.
Job Title: -- Security Analyst - Vulnerability Management
Job Summary: --The Vulnerability Management Security Analyst will assist in identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout EMCOR. This role performs assessments and identifies weaknesses in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. This includes enhancing the information security management framework, supporting the user lifecycle management process, and monitoring for internal and external threats.
Essential Duties and Responsibilities: --
Implement, at management direction, and monitor a strategic, comprehensive enterprise information security management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization
Assess and mitigate system security vulnerabilities and risks
Create and maintain documentation for processes and procedures for vulnerability findings and their mitigations and remediations
Assist in remediation and identifying mitigations of findings discovered during vulnerability assessments
Collaborate closely with IT administrators, networking, and operations teams to implement effective security controls
Cultivate close working relationships with IT administrators and management across a diverse organization
Support authorized penetration testing on enterprise network assets
Recommend the selection of cost-effective security controls to mitigate risk
Maintain knowledge of system, OS, and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
Utilize manual testing techniques and methods, at management direction, to gain a better understanding of the environment and identify false negatives
Ensure scan results are presented in appropriate dashboards, reports, and forwarded to external data systems
Support the management of device, user, and application certificates (SSH, SSL Keys)
Qualifications: --
Minimum three years hands on working experience with vulnerability scanning systems.
Minimum three years hands on working experience with patch management systems for Windows and Linux systems
Must be capable of delivering a very high level of customer service
Experience with Microsoft Intune, SCCM, or other device management systems preferred but not required
Experience working with Microsoft Active Directory and Entra ID
Experience and/or thorough understanding in one or more of the following technologies/languages: Excel, SQL, PowerShell, Bash, and JSON
Possess industry standard certifications (e.g., GIAC, CISSP, CISM) preferred but not required
Experience in IT controls monitoring for regulatory and compliance requirements like CIS, NIST, CMMC, ISO 27001 & ISO 27002 preferred but not required
Ability to effectively communicate, and professionally interact with personnel at all levels
Must be capable of delivering a very high level of customer service
Understanding of a variety of technical concepts with focus on hybrid computing architecture, automation, networking, systems administration, application security, and information security best practices
Accountability and Measurement
Support and maintain EMCOR’s Security Program.
Notice to prospective employees: There have been fraudulent postings and emails regarding job openings. EMCOR Group and its companies list open positions here (https://recruiting.ultipro.com/EMC1002EMCGI/JobBoard/cc563430-39f7-4c82-bdfe-62f295bd857a/?q=&o=postedDateDesc&w=&wc=&we=&wpst=) . Please check our available positions to confirm that a post or email is genuine.
EMCOR Group and its companies do not reach out to individuals to help with marketing or other similar services. If an individual is contacted for services outside of EMCOR’s normal application process – it is probably fraudulent.
We offer our employees a competitive salary and comprehensive benefits package and are always looking for individuals with the talent and skills required to contribute to our continued growth and success. Equal Opportunity Employer/Veterans/Disabled.
#emcor
#LI-MJ1
#LI-Remote
Qualifications
Education
Required
High School or better
Experience
Required
3 years: hands on working experience with patch management systems for Windows and Linux systems
3 years: hands on working experience with vulnerability scanning systems