LastPass is looking for a Vulnerability Assessment Analyst:
The LastPass security team is seeking a Vulnerability Assessment Analyst to join our team and help us ensure the security of our company and users' data. As a member of the Trust & Security team, you will work closely with other security professionals, as well as engineering teams, to identify, verify, prioritize, and assist in the treatment of vulnerabilities, in a joint effort to improve the overall security posture and reduce the attack surface. In addition, you will aid in the creation of a robust and effective vulnerability management program, enabling the organization to maintain the highest levels of security and compliance. Your role will be critical in developing a security and resilience-focused culture, as the organization strives to provide the most secure and trustworthy services to customers.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
You will be part of our Security Posture and Attack Surface Engineering & Research (SPASER) team, collaborating closely with the wider Trust & Security teams. Your focus will be to contribute to the ongoing development and enhancement of a robust and effective vulnerability management program, while also ensuring the execution of daily vulnerability assessment activities. Additionally, you will provide support and actively collaborate with other critical security functions, such as threat intelligence, incident response, detection and response, and security engineering. You will also closely collaborate with various engineering teams across the organization as part of vulnerability management operations, promoting the treatment of vulnerabilities and suggesting improvements to our security posture.
What are some of the exciting challenges you will be working on?
Conducting regular vulnerability assessments of the organization's information systems, networks, and applications, including on-premise and cloud-based, using both automated scans and manual assessment methods.
Analyzing and interpreting the results of vulnerability scans and assessments to identify potential risks, threats, and vulnerabilities that could impact the organization.
Creating clear and concise reports and communicating findings to key stakeholders, including IT, Platform and Software Engineering teams.
Working with the vulnerability treatment team and stakeholders to prioritize vulnerabilities based on the level of risk and the potential impact on the organization.
Working closely with other security teams, including incident response and threat intelligence, to identify and mitigate security risks and vulnerabilities across the organization.
Providing recommendations for strategies to mitigate and remediate identified vulnerabilities.
Verifying and validating the findings of vulnerability assessments, including false positives and false negatives.
Staying current on emerging threats, trends, and technologies related to vulnerability management and cybersecurity, and updating vulnerability testing methodologies accordingly.
Supporting the ongoing improvement of vulnerability management tools, including the selection, configuration, and fine-tuning of these tools to ensure that they are effective in detecting vulnerabilities and minimizing false positives.
Monitoring and tracking vulnerability status and trends over time.
Developing and maintaining metrics and reporting systems to track the effectiveness of the organization's vulnerability management program and identify opportunities for improvement.
Developing and maintaining strong partnerships with other security teams and non-security-related teams to support the development and execution of effective vulnerability management processes.
What does it take to work at LastPass?
Experience working in previous cybersecurity-related positions.
Passionate about cybersecurity, with a keen interest in vulnerability management and a talent for identifying security vulnerabilities.
Hands-on experience with vulnerability management tools, techniques, and methodologies.
Familiarity with cloud environments, emphasizing understanding of cloud-specific security controls and best practices.
High level of critical thinking and analytical mindset, coupled with a drive to continuously improve processes.
Ability to work autonomously with minimal supervision, exhibiting self-motivation to meet objectives and deliver results effectively.
Good written and verbal communication skills in English, with the ability to effectively communicate and collaborate with key stakeholders.
Team-player, hands-on and can-do attitude.
It's great, but not required:
Familiarity with OWASP vulnerability management and security testing guides/standards.
Cloud engineering/cloud security hands-on experience.
Cloud-focused certifications, such as AWS certifications or other specialty or similar certifications.
Proficiency with scripting languages and programming languages commonly used in vulnerability management, such as Python, PowerShell, or Bash, is a nice to have for the development and maintenance of trade-craft tools.