Vulnerability Threat Analyst (Tenable & SCCM)

#LI

Norfolk Southern Corporation, a Fortune 500 company, seeks a Vulnerability Management Analyst. The role requires an innovative communicator with strong interpersonal skills in order to establish relationships with business partnerships. Norfolk Southern works in a culture that inspires and motivates stakeholders to adopt new processes, people skills and behaviors, and technology changes for a customer-centric, operations-driven business.

Essential Functions

• Liaisons with the Client Technology Support group to identify end-user device vulnerabilities, research, mitigation plan preparations, and patching.
• Develops patching schedules and vulnerability remediation plans for the infrastructure and application development teams.
• Reviews patch release notes for 3rd party applications and infrastructure operating systems to determine compatibility, upgrades and remediation strategies.
• Monitors patch management installations and resolves configuration management issues.
• Reports patching activity results across a range of maintenance schedules to senior leadership levels.
• Assists business units with developing maintenance windows that meet requirements for patch cadence while reducing impact to normal business operations.
• Manages vulnerabilities and patching exemptions in a risk management solution.
• Works with software patch distribution vendors to resolve complex technical issues.
• Participates in routine audits of patching activity to confirm all updates are being applied and reported correctly.
• Communicates project goals, scope, and project team activities, while clearly communicating expectations.
• Tracks, manages, and reports on IT technical debt and assist in solutioning end-of-life scenarios.
• Contributes to the management and support of SCCM.

Skills

• Applies understanding of vulnerability management and mitigation and operating system and application patching.
• Displays understanding of Windows and Linux operating systems, endpoint applications, server and storage hardware and networking protocols.
• Strong experience with Windows server and workstation administration and support
• Proficiency with analyzing results of vulnerability management solutions such as Qualys and Tenable, creating reports, prioritizing, and mitigating identified vulnerabilities.
• Knowledge of Patch Management and Vulnerability Management, and the difference in processes needed to remediate vulnerabilities.
• An understanding of IT currency, hardware and software end-of-life, and methods for tracking, reporting, and addressing legacy technology.

Required Qualifications

• 5+ years experience in Vulnerability and Threat Analysis in Technology, Information Security or Cyber environments.
• Vulnerability application scanning experience with Tenable.
• PowerShell scripting experience for automating tasks.
• Patching experience with SCCM.

Preferred Qualifications

• Bachelor's Degree preferred within Information Systems, Computer Science, Engineering or related field.

Work Conditions

Office Remote, but the ideal candidate must be based within 60 miles Atlanta.

Shift Work: No

On-Call: Yes

Weekend Work: Yes

Norfolk Southern Corporation (NYSE: NSC) is a Fortune 300 organization and one of the nation's premier transportation companies. Its Norfolk Southern Railway Company subsidiary operates approximately 19,500 route miles in 22 states and the District of Columbia, serves every major container port in the eastern United States, and provides efficient connections to other rail carriers.

We are a team of more than 20,000 employees working together to maintain our reputation as "The Thoroughbred of Transportation." As an industry leader, Norfolk Southern offers a competitive salary and an excellent benefits package.

At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.

Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation and gender identity. Together, we power progress.

Don't just work here, Thrive here.