Cummins Inc. Cybersecurity Vulnerability Analyst in Columbus, Indiana

Cybersecurity Vulnerability Analyst

Description

Cummins is a place big enough to coach and develop a global workforce and create the world’s leading clean, engine technology. We’re also small enough for you to find your fit and personal passion with a team of dependable, innovative thinkers who are developing their careers within a diverse, inclusive, empowering environment.

Learn more about this role and how you can begin Working Right .

Our Corporate IT Business Unit delivers reliable, durable, high performing products to our global partners. Working in an innovative space, you’ll develop high tech solutions that will fuel your advanced career skill set and empower you to own your career. Our integrated businesses demand the talents and creativity of individuals with a wide range of skills and experience.

This is an exciting opportunity in Columbus, Indiana for a Cybersecurity Vulnerability Analyst.

Your impact will happen in these and other ways:

  • Responsible for defining information security policies and procedures; ensures all information and data on computer systems is protected and all networks and computer systems are adequately secure to prevent unauthorized access; investigates potential security breaches and recommends corrective actions to resolve and/or prevent reoccurrences; responsible for promoting IT security awareness.

  • Performs event correlation using information gathered from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

  • Analyzes identified malicious activity and determines appropriate course of action in response to identified and analyzed anomalous network activity.

  • Analyzes existing processes, standards, policies and/or equipment and makes process improvement recommendations to managers ensuring compliance with laws, standards and policies while managing business risks.

  • Develops positive relationships with other business and IT functions involved in security and privacy matters.

  • Provides Information Security guidance to IT project teams and awareness throughout the organization.

  • Performs root cause analysis, and makes recommendations on changes for review by others.

  • Makes recommendations to enhance performance and improve security and privacy protection measures.

  • Maintains knowledge of applicable policies, regulations, and compliance documents.Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations.

  • Collects intrusion artifacts (e.g., source code, malware, trojans) and uses discovered data to enable mitigation of potential incidents within the enterprise.

  • Trouble-shoots moderately complex issues with existing security and privacy protection protocols.

  • Performs technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, and supporting infrastructure).Manages and administers the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense applications.

  • Conducts and/or supports authorized penetration testing on enterprise network assets.

Qualifications

  • Assess Solutions Against Established Standards - The ability to understand and assess proposed solutions in order to determine how closely they meet requirements and if they will deliver the desired business outcomes. The ability to understand the organization, and its readiness, to determine what is necessary to transition to the solution.

  • Audit Methodologies - The ability to inspect and evaluate an assertion of fact using a mixture of qualitative and quantitative analysis techniques. The ability to apply such techniques using appropriate judgment to produce accurate and consistent conclusions regardless of the nature of assertions being evaluated.

  • Risk Management - The identification, assessment, and prioritization of risks followed by coordinated response to minimize, monitor, and control the probability and/or impact of unfortunate future events.

  • Investigation - Able to lead a systematic and thorough process to learn the facts about something complex or hidden.

  • Troubleshooting - Able to diagnose and problem solve issues with computer hardware or software components with little or no direction. May require ability to install, configure, or disposition of server or client pc infrastructure and application issues.

  • Research - Able to conduct a process of steps used to collect and analyze information to increase our understanding of a topic or issue.

Skills and Experience Required:

  • Possess knowledge, experience and understanding of vulnerability management framework and process application.Possess advanced knowledge related to administration, operation, and application of vulnerability scanning technologies.

  • Detect, identify, and assess network vulnerabilities and system vulnerabilities based on cyber security vulnerability reporting cycles.

  • Characterize the risk associated with identified vulnerabilities based on the threat impact for a single or combined number of vulnerabilities.

  • Provide mitigation recommendations on how to eliminate or reduce risk factors based on architectural, network, hardware, firmware, and software configuration approaches.

  • Prioritize vulnerability finding notification based on the criticality (risk) score of a single or multiple composite vulnerabilities.

  • Coordinate with organizational and system stakeholders by tracking and reporting periodic (i.e. daily, weekly, etc.…) vulnerability analysis and vulnerability assessment results.

  • Perform system administration of vulnerability management systems that are used to perform automated and manual assessment methodologies, practices, and remediation.

  • Test, implement, and deploy the most recent vulnerability scanner configurations to increase the accuracy and improve analysis capabilities of vulnerability management technologies.

  • Research and present recommendations and approaches to enhance vulnerability remediation techniques.

  • Documented processes and operational processes, based on best practices to assist in the remediation of vulnerabilities.

  • Conduct troubleshooting of vulnerability system errors and assist or conduct repairs to return the vulnerability scanning system to service.

  • Develop and compose vulnerability management system standard operating procedure documentation using best practices.

  • Partner with colleagues to support Cummins project goals and objectives for safe and secure operations.

Education, Licenses, Certifications

College, university, or equivalent degree in Information Technology, Business or a related subject required. Certified Information Systems Security Professional (CISSP) certification strongly preferred

Compensation and Benefits

Base hourly rate commensurate with experience . Additional benefits vary between locations and include options such as our 401(k) Retirement Savings Plan, Cash Balance Pension Plan, Medical/Dental/Life Insurance, Health Savings Account, Domestic Partners Coverage and a full complement of personal and professional benefits.

Cummins and E-verify

At Cummins, we are an equal opportunity and affirmative action employer dedicated to diversity in the workplace. Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law. Cummins validates right to work using E-Verify. Cummins will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization.

Ready to think beyond your desk? Apply for this opportunity to start your career with Cummins today. careers.cummins.com

Not ready to apply but want to learn more? Join our Talent Community to get the inside track on great jobs and confidentially connect to our recruiting team: http://connect.find.ly/cummins

Job SYSTEMS/INFORMATION TECHNOLOGY

Primary Location United States-Indiana-Columbus-US, IN, Columbus, Goody's Building

Job Type Experienced - Professional / Office

Recruitment Job Type Professional - Experienced

Job Posting May 11, 2017, 7:52:19 AM

Unposting Date Ongoing

Req ID: 1700026E