Analyst, Vulnerability Management

At AES, we raise the quality of life around the world by changing the way energy works. Everyone makes an impact every day in our small, global teams. Apply here to start an extraordinary career today.

This hands-on role will serve as part of the AES Clean Energy Cybersecurity team, providing oversight and coordination of vulnerability management activities. This role will work with internal and external partners to assess security vulnerabilities, provide status reports, coordinate with all parties involved, and drive timely remediation.

Job Responsibilities

• responsibilities would include executing the remediation of vulnerabilities identified in a monthly report from Global Cyber security team while meeting the agreed upon SLA.
• Coordinate patch management with IT Teams to ensure timely remediation on discovered vulnerabilities.
• Create and execute monthly scans, monthly reports, document vulnerabilities, coordinate the remediation of discovered vulnerabilities with the InfoSec and IT teams.
• Implement, track, and drive improvements on Vulnerability scanning KPIs and SLAs.
• Review existing security controls to make an informed risk decision on discovered vulnerabilities.
• Report and track remediation status to leadership and stakeholders.
• Review compensating controls and ensure findings on vulnerabilities align to risk.
• Assist in the development and implementation of automated solutions to address daily manual tasks.
• Align process and outcomes to all applicable regulations and cybersecurity frameworks.
• Ability to quickly understand systems in order to identify and validate security vulnerabilities.
• Work analytically to solve both tactical and strategic problems within the vulnerability management program.
• Establish a rapport with other IT and InfoSec teams to mature the vulnerability management program and actively contribute and participate in team activities and planning that improving team skills, awareness, communication, reputation, and quality of work.
• Have an understanding of the broad regulatory landscape affecting AES CE business areas; remain current with emerging regulatory requirements as well as solution trends in the marketplace.
• Have an understanding of new technologies including but not limited to mobile and cloud technology.

Job Qualifications

• 5+ years of IT engineering experience in cloud, server, and/or network infrastructure
• 3+ years experience conducting vulnerability assessments
• 2+ years experience with AWS, Azure, or GCP security required
• Bachelor's degree in Computer Science, Information Systems, Management Information Systems, or other related field. Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
• Experience with Rapid7 InsightVM platform required
• Familiar with NIST
• Solid skills in Windows and Linux, Encryption and networking, and have in-depth knowledge and work experience with security best practices.
• Knowledgeable with token/certificate-based authentication, DNS, and AD structure.
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
• Accustomed to information security risk assessments processes
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision.
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• Writing Signatures
• Scripting
• Patching

AES is an Equal Opportunity Employer who is committed to building strength and delivering long-term sustainability through diversity and inclusion. Respecting all backgrounds, differences and perspectives enables us to improve the lives of our people, customers, suppliers, contractors, and the communities in which we live and work. All qualified applicants will receive consideration for employment without regard to sex, sexual orientation, gender, gender identity and/or expression, race, national origin, ethnicity, age, religion, marital status, physical or mental disability, pregnancy, childbirth, or related medical condition, military or veteran status, or any other characteristic protected under applicable law. E-Verify Notice: AES will provide the Social Security Administration (SSA) and if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.

The expected salary for this position, at commencement of employment, is between $60.000 and $76.500/Annual; however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements such as annual bonus, in addition to a full range of medical, dental, vision, life, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if a candidate receives an offer of employment. If hired, employee will be in an "at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Safety comes first at AES. To protect the health and safety of our people, customers, communities and partners, and to provide and maintain a workplace that is free of known hazards, AES requires all newly-hired people or current AES people applying for U.S.-based role(s), to be fully vaccinated against COVID-19 or be willing to be fully vaccinated against COVID-19 by their date of hire. Except where prohibited by law or not specifically covered in a collective bargaining agreement, new hires and transfers will be required to provide proof of vaccination during onboarding and periodically thereafter. This policy will comply with all applicable laws and is based on guidance from the Centers for Disease Control and Prevention and local health authorities, as applicable.