Security Analyst

Job Expired

About the job

About This Opportunity

As a Vulnerability Analyst at MillerKnoll, you will help reduce enterprise risk by identifying critical flaws in applications and systems. This role will drive vulnerability remediation efforts globally to increase the security posture of the organization. In addition, you will help measure the effectiveness of the organization’s security controls against known cybersecurity threats and vulnerabilities.

Individuals in this role are expected to participate fully in the planning of the AWS IT Security team’s work and constantly seek opportunities for continuous process improvement. Candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks. This role will provide career growth opportunities as you gain new security skills in the course of your duties.

What You’ll Do

You’ll have opportunities to speak up, solve problems, lead others, and be an owner every day as someone who . . .

  • Assist the security operations team as time permits.
  • Collaborate with key business partners on remediation strategies and provide guidance to lower/eliminate risk.
  • Conduct predetermined network vulnerability scans, identifying exploitable flaws in applications and operating systems.
  • Create and maintain role-specific documentation.
  • Drive maturity in the vulnerability management program through measurable results and positive engagement.
  • Identify opportunities to reduce the organization’s attack surface by analyzing vulnerability data and recommending remediation actions and security controls.
  • Interface with other business units such as Governance, Risk, and Compliance to communicate program status and overall vulnerability posture.
  • Manage the entire vulnerability lifecycle from discovery, triage, remediation, and validation.
  • Participate in the Change Advisory Board (CAB).
  • Participate in the information security on-call rotation, providing emergency support for security-related incidents.
  • Perform risk-based assessments of current and emerging security threats and vulnerabilities.
  • Prioritize and communicate vulnerability findings with technical and non-technical audiences.
  • Promote a positive security culture through knowledge sharing, influences, and conduct.
  • Provide input into the development of security policies and procedures.
  • Report and track vulnerability data, providing key metrics to quantity organizational risk.
  • Stay current with cybersecurity news and trends relevant to the business and industry.
  • Support the development of security automation to improve metrics such as mean time to remediate.

Sound Like You?

You might be just who we’re looking for if you have . . .

  • Bachelor in Computer Science, Information Systems, Cybersecurity, or Software Engineering
  • 4+ years of relevant experience in cybersecurity or information technology
  • 2+ years of hands-on experience with a vulnerability management tool such as Tenable, Qualys, or Rapid7.
  • Proficient in a scripting language such as Python, PowerShell, or VBA.
  • One or more technical or cybersecurity certification preferred (e.g., CISSP, CISA, CISM, CCSP, CRISC, CEH, Security+, GSEC, SSCP)
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, macOS, and Windows operating systems.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
  • Knowledge of products and nomenclature of major security vendors and how those products affect exploitation and reduce vulnerabilities.
  • Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list)
  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in designing countermeasures to identify security risks.
  • Skill in developing and applying security system access controls.
  • Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, Nmap, etc.).
  • Skill in researching vulnerabilities and exploits utilized in traffic.
  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and visual means.
  • Ability to collaborate effectively with others.
  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • Identify fundamental common coding flaws at a high level.
  • Proficient in a scripting language such as Python, PowerShell, or VBA.

Who We Are

At Herman Miller, our unique culture represents the collective attitudes, ideas, and experiences of the people who work here. We focus on protecting the environment, impacting our communities, exceeding the expectations of our customers through high quality products, and championing diversity in all areas of the business, and together we are on a journey toward a better world. We support the well-being of our employees in and outside of work by providing a variety of opportunities including award-winning work-life integration resources, development programs, complex health and wellness offerings, and much more.

Herman Miller is a globally recognized provider of furnishings and related technologies and services. Headquartered in West Michigan, we have relied on innovative design for over 100 years to solve problems for people wherever they work, live, learn, and heal.

Herman Miller is committed to diversity and inclusion. We are an equal opportunity employer including veterans and people with disabilities.

Schedule

Full-time

Employee Status

Regular

Travel

Yes, 10 % of the Time

Shift

First

Work Schedule

8am-5pm

Primary Location

United States-Michigan-Zeeland

Other Locations

United States

More Information

  • This job has expired!
Share this job

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X