** Remote Opportunity in the following states: Illinois, Indiana, or Missouri **
WHAT YOU'LL DO
The Senior IT Security Analyst has broad oversight over the Threat & Vulnerability Management Program. This includes responsibilities of administering the TVM solution, identifying and risk assessing vulnerabilities, reporting on key metrics, and collaborating across business units to effectively remediate identified threats and ensure that all compliance responsibilities are met or exceeded.
Through partnerships, security analysts are expected to assist with strategic initiatives for short-, as well as, long-term plans to identify and reduce the attack surface across applications and systems using collaborate approaches driven by the security team strategy.
Leverage diverse communication styles to inform and advise business unit partners and executive leadership on enterprise risks to drive results in better securing operations.
WHAT YOU'LL BRING
Proficient with vulnerability management solutions such as Rapid7, Qualys, Nexpose, Nessus, open source.
Experience hardening system images and implementing governance programs to manage deployment of infrastructure components.
Understanding of Windows operating systems, networking protocols, and devices.
Experience conducting organization-wide vulnerability scanning and remediation processes.
Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface.
Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO).
Capable of scripting in Python, Bash, Perl, RegEx or PowerShell.
Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Self-starter requiring minimal supervision.
Excellence in communicating business risk and remediation requirements from assessments.
Analytical and problem-solving mindset.
Highly organized and efficient.
Demonstrated strategic and tactical thinking.
Manage vulnerability across applications, endpoints, databases, networking devices, and mobile, cloud, and third-party assets.
Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
Document, prioritize, and formally report asset and vulnerability state, along with remediation recommendations and validation.
Communicate vulnerability results in a matter understood by technical and non-technical business units based on risk and threat to the business, and gain support through influential messaging. Generate periodic reporting for both technical remediation efforts and non-technical executive reporting.
Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
Maintain tools and scripts used in asset discovery and vulnerability status.
Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
Work closely with infrastructure teams to advice and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
Provide support to business units launching new applications or infrastructure to verify that new products/offerings are not at risk of misconfiguration, compromise, or information leakage.
Periodically attend and participate in change management policy discussions and meetings.
Regularly research and learn new TTPs in public and closed forums, and work with colleagues to access risk and implement/validate controls as necessary.
Cross-train on other core security platforms (i.e. SIEM administration).
Assist with Security Operations activities, including but not limited to, triage of alarms/alerts and perform technical security assessments.
Perform other duties as assigned.
WHY IT MATTERS
Vulnerability management is a cornerstone element in protecting our organization. Both legacy and present-day systems and applications present weaknesses that can be exploited by external threat actors and potentially lead to a breach. An effective TVM program helps to ensure that vulnerabilities are correctly prioritized and remediated thus limiting our organization's attack surface and hardening our environment against would be attackers.
Your role is essential in creating effective working relationships across Busey business units and IT departments, evangelizing security, and ensuring that effective collaboration is occurring leading to IT Security's desired outcomes.
EDUCATION & TRAINING
(Preferred) Bachelor's degree in computer science information assurance, MIS or related field, or equivalent.
On-the-job training in relevant roles relating to information security, threat and vulnerability management, system administration, or equivalent.
Preferably, one of the following: Security+, CySA+, CRISC, CCRMP, or CISA; or willingness to pursue a certification within the first six months of hire.
At least 3-5 years' experience in information security administration, vulnerability management, security operations, or system administration.
Busey believes that diversity and inclusion among our teammates is critical to our success as a company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.
Equal Opportunity Employment is a priority for Busey and all qualified applicants will receive consideration regardless of race, color, religion, national origin, genetic information, sex (including pregnancy), age, sexual orientation, gender (including gender identity and expression), marital status, military status, veterans status, citizenship status, disability, order of protection or any other characteristic protected by applicable law or other non-merit based factors.
Internal Number: SENIO03283
As of June 30, 2019, First Busey Corporation (Nasdaq: BUSE) was a $9.61 billion financial holding company headquartered in Champaign, Illinois.
Busey Bank, a wholly-owned bank subsidiary with total assets of $7.66 billion as of June 30, 2019, is headquartered in Champaign, Illinois and has 44 banking centers serving Illinois, 13 banking centers in the St. Louis, Missouri metropolitan area, five banking centers serving southwest Florida and a banking center in Indianapolis, Indiana. Through the Busey Wealth Management division, the Company provides asset management, investment and fiduciary services to individuals, businesses and foundations. As of June 30, 2019, assets under care were approximately $7.47 billion. Busey Bank owns a retail payment processing subsidiary, FirsTech, Inc., which processes approximately 28 million transactions per year using online bill payment, lockbox processing and walk-in payments at its 4,000 agent locations in 43 states. More information about FirsTech, Inc. can be found at firstechpayments.com.
Busey Bank was named among Forbes' 2019 Best-In-State Banks—one of five in Illinois and 173 from across the country, equivalent to 2.8% of all banks. ...Best-In-State Banks are awarded for exceptional customer experiences as determined by a survey sample of 25,000+ banking customers who rated banks on trust, terms and conditions, branch services, digital services and financial advice.
TheBANK of Edwardsville, a wholly-owned bank subsidiary of the Company with total assets of $1.95 billion as of June 30, 2019, is headquartered in Edwardsville, Illinois and has 19 banking centers. Through TheBANK of Edwardsville Wealth Management division, the Company provides asset management, investment and fiduciary services to individuals, businesses and foundations. As of June 30, 2019, assets under care were approximately $1.50 billion.
For more information about us, visit busey.com and 4thebank.com.