IT Security Vulnerability Analyst lll

Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?

Posting Notes: Marlborough || MA

IT Security Vulnerability Analyst lll

What you’ll discover
• Inclusive culture and career growth opportunities
• Global IT Organization which collaborates across U.S., Canada, Europe and Australia, click here to learn more
• Challenging, collaborative, and team-based environment

What you’ll do
We are looking for an IT Security Vulnerability Analyst to join and supplement our Vulnerability Management Team. A successful Analyst can work effectively with IT stakeholders to provide technical and process guidance expertise across a broad range of vulnerability management work efforts

• As a Security Analyst you will use vulnerability identification tools and application security testing solutions to identify security vulnerabilities.
• In this role you will work with other IT Product and platform teams to perform infrastructure vulnerability scans, provide in-depth technical expertise and generate appropriate metrics.

• You will be responsible for analyzing scan results, engaging stakeholders to resolve identified vulnerabilities and provide remediation guidance.

• You’ll get to perform deep-dive analysis of new vulnerabilities leveraging data from various public and internal sources; and provide recommendations on how mitigation must be done.
• You will review and prioritize vulnerabilities based on severity along with assessing impact to assets at TJX
• You will a trusted partner for other Enterprise teams to assist in maintaining asset, configuration management and vulnerability databases.
• In this role you will also work closely with other Cybersecurity and IT Risk teams to mature the overall Vulnerability Management program

What you’ll need
Our Vulnerability Management Team is looking for a passionate individual who can work independently in an organized manner and communicate highly technical details effectively. We are looking for someone with strong technical skills and experience, as well as the ability to work calmly under pressure. A person with intellectual curiosity and willingness to learn will be successful in this role. They must act with integrity and take pride in their work

Qualifications 
• 5 years as an IT Security Vulnerability Analyst, or equivalent
• 5+ years’ experience in an Enterprise vulnerability management program
• Bachelor’s Degree in Computer Science, MIS, Information Security or related field, or equivalent experience

• Experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS)
• Experience with technical vulnerability assessments and techniques
• Thorough hands-on experience with vulnerability scanning tools: for example tools such as Qualys, Rapid7 -Nexpose, or Tenable – Nessus, etc. and service discovery tools – for example tools such as Nmap, Wireshark, etc.
• Experience evaluating threats and their impacts

• Exposure to Standards, Policies, and Legislation, e.g. ISO27001, NIST CSF, PCI DSS, FTC, etc.

• Familiarity with multiple endpoint operating systems and network devices
• Familiarity with configuration baseline standards such as CIS Benchmarks or DISA STIGs
• Knowledge of automation and orchestration tools like the ServiceNow Vulnerability Response module will be an added advantage

Pluses:
• Experience with Vulnerability Management and Configuration hardening in Cloud environments like Azure, AWS
• Experience with scripting languages or pen-testing tools
• Experience performing analytics and creating metrics from raw data
• Professional certification like CEH, GEVA, CISSP, OSCP, Security+ preferred
• Experience leading large remediation or transformation efforts involving multiple teams

Covid-19 vaccination is a condition of employment at TJX, subject to reasonable accommodation where required by law

Come Discover Different at TJX. From opportunity and teamwork to growth, we think you’ll find that it’s so much more than a job. When you’re a part of our global TJX family, you have the full support of a diverse, close-knit group of people dedicated to finding great deals and fantastic style. Best of all? They have a lot of fun doing it.

We care about our culture, but we also prioritize the tangible stuff (Competitive salaries: check. Solid benefits: check. Plenty of room for advancement: of course). It’s our way of empowering you to make your career here.

We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.

Posting Notes: Marlborough || MA