Cyber Threat Vulnerability Specialist

Cyber Threat Vulnerability Specialist

​Legal & Administrative Services​

Puerto Rico 

General Responsibilities

• Designs and implements the infrastructure (on-prem and cloud based) needed to provide Cyber Exposure Management services. • Ensures that all systems are working at optimal levels and offers support to application development department regarding new technologies and system requirements. • Provides technical leadership to ensure the security of information exchanged between internal departments, and external clients. • Ensures optimum performance, scalability, and usability of cyber exposure management tools. Knowledge of static and dynamic code analysis. • Analyzes vulnerability scan results using appropriate scanning tools or platforms to identify potential security weaknesses and vulnerabilities across the organization's systems, applications, and infrastructure. Reviews findings, evaluates vulnerabilities severity, and prioritizes them based on the environment risk levels. • Ensures the effectiveness, accuracy, and reliability of identifying security vulnerabilities by regularly reviewing scan credentials, performance optimization, agent status, and any other type of vulnerability scanning tool related maintenance. • Recommends and oversees the execution of remediation plans to address identified vulnerabilities. Collaborates with relevant teams, such as system administrators, network engineers, database administrators, or application owners, to ensure timely and effective mitigation or remediation of vulnerabilities. • Keeps up to date with the latest security vulnerabilities (including Zero-Day threats), advisories, and best practices. Performs research and analysis of vulnerabilities specific to the organization's technology stack, platforms, or industry, understanding their potential impact and providing recommendations for mitigation or remediation. • Collaborates in generating reports and metrics on vulnerability assessments, including vulnerability status, trends, and progress. Documents vulnerabilities, remediation actions, and their outcomes to maintain accurate records and provide visibility into the organization's Cyber Exposure Management efforts. • In the event of a security incident or breach related to vulnerabilities, the resource may provide support to incident response teams. Assists in analyzing the impact of the incident, identifying vulnerabilities that may have been exploited, and helping with the restoration or recovery process. • Performs compliance assessment across different types of systems (Servers, hypervisors, Network Devices, DB, etc.), and analyzes the findings. Special focus on Unix and Linux systems. • Able to create and maintain scan policies/templates according to the type of security assessment needed. This includes ad hoc scan policies for Zero Day vulnerability detection. • Able to perform web application scans, analyze findings, and communicate recommendations for remediation. • Assists in Technical group assignments based on the type of vulnerability identified. • Assesses the functionality of our current scanning tool to ensure that they are at capacity to meet audit requirements (scans must be complete and accurate, agents must be online and updated, scanners are online, plugins are updated, etc.). • Investigates potential false positive and false negative cases. • Collaborates with cross-functional teams, including system administrators, network engineers, application owners, and other stakeholders involved in cyber exposure management. They communicate effectively to ensure proper coordination of vulnerability management activities, provide guidance on remediation efforts, and facilitate the resolution of security issues. *Availability to work outside of standard office hours - as needed. 

Performs duties through methods and actions that are consistently ethical and in total compliance with the laws, applicable regulations, Code of Ethics, corporate policies and guidelines and rules of conduct. Completes corporate trainings and certifications intended for the detection and prevention of money laundering related activities and fraud, insider training and conflict of interest policies and procedures, as applicable.

Education and Experience Required

• Bachelor's degree (B. A.) in Computer Information Systems, Computer Science (MS preferred) or related area from a four-year college or university. • Engineering Degree or MS in Computer Sciences (preferred). • Certifications: CEH, CISM, CISSP, CompTIA Security+, GIAC Certified Unix Security Administrator (Preferred but not required) • Minimum of five (5) years of experience working in Cyber Security, Windows/UNIX/Linux/Network Devices Administration, Cloud Security, PCI DSS, Hardening, Web • Application Security, CI/CD, and or Vulnerability Management process. • Programming and API experience desirable. 

Knowledge and Skills Required

• Must be able to work independently as well as a part of a team in a highly intensity environment, requiring high organizational skills. • Must demonstrate analytical, logical, and reasoning skills. • Knowledge regarding the use of vulnerability scanning tools, vulnerability analysis, and remediation. • Experience creating scripts (Python) and using APIs (able to learn configuration requirements of vulnerability scanning and web application scanning tools). • Proficiency in MS Office Tools: Power BI, must be able to create VLOOKUPS and Pivot Tables. • Experience performing compliance checks scans and/or knowledge of a hardening process with a Unix/Linux focus. • Linux servers' administration. • Familiar with web technology. • Familiar with the different network protocols. • Must be able to meet stringent deadlines in a consistent manner. • Vulnerability Management Cycle, Hardening, WAS, PCI DSS • Must be fluent in English • Strong communication skills • Customer-centered • Problem-solving • Proactive 

Additional Information

Lunes a Viernes 8:00 am-5:00 pm 

Available to work extended hours, weekends and/or holidays as needed and the availability to travel as required supporting projects in the region. 

“Evertec Group, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, pregnancy, marriage, sexual orientation, gender identity, national origin, age, genetic information or condition, political affiliation, religious ideology, being a victim or perceived victim of domestic violence, sexual assault, or harassment, serving or having served in the Armed Forces of the United States, disability status, or any other protected category by Puerto Rico or US Federal law. EEO is the Law Poster. If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, please contact the People & Culture Department in advance at (787) 759-9999 or send an email to talentacquisition@evertecinc.com in order to accommodate your special needs. Evertec is an employer with E-Verify to verify the eligibility for employment of all the new employees. Participation Poster. Drug-free company. Equal Employment Opportunity/ Affirmative Action for Women/Veterans/People with Disabilities.”