At Nielsen, we are passionate about our work to power a better media future for all people by providing powerful insights that drive client decisions and deliver extraordinary results. Our talented, global workforce is dedicated to capturing audience engagement with content - wherever and whenever it’s consumed. Together, we are proudly rooted in our deep legacy as we stand at the forefront of the media revolution. When you join Nielsen, you will join a dynamic team committed to excellence, perseverance, and the ambition to make an impact together. We champion you, because when you succeed, we do too. We enable your best to power our future. About Job: As a leader in global measurement and data analytics, Nielsen is committed to protecting the privacy of our panelists, associates, and the public. The Cybersecurity Analyst - Vulnerability Management will be a member of the Global Cybersecurity department reporting into the Cybersecurity Performance Management team and is responsible for the identification, assessment, measurement, monitoring, and reporting of risk and compliance through the program. Compliance & vulnerability management’s main objective is improving the identification and protection of Nielsen’s information assets. In this role you will get to work with industry tools and technologies needed to protect the organization from the latest cyber attacks. You will be responsible for performing detailed vulnerability assessments on new and current systems within the environment. Additionally, the analyst will be responsible for evaluating security alerts from internal/external sources and performing scans to determine Nielsen’s exposure to new threats. The candidate will be responsible for coordinating remediation on items with the application owners using established processes and escalating issues as appropriate. We are looking for a cybersecurity professional that will take charge, track and achieve established metrics, be innovative, collaborative, and drive efficiency with vulnerability response.
Responsibilities:
Security vulnerability and compliance assessments of Nielsen’s systems, threat impact analysis to identify new and existing vulnerabilities and drive the remediation process working closely with diverse technology teams.
Provide technical expertise across the life cycle of vulnerability management including asset management, scanning, threat prioritization, mitigating controls, analysis, and reporting.
Track and work with technical support teams for patching and remediation across Nielsen and report status of remediation to leadership.
Develop, manage and maintain databases, scripts, and workflows required to accurately report metrics of Nielsen’s vulnerability/threat landscape.
Support a coordinated response to complex cyber-attacks that threaten assets, intellectual property, networks and computer systems.
Act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups.
Partner with cybersecurity team members to build security automation and orchestration pipelines to expedite the eradication of threats to the network.
Conduct assessments for policy exception requests and provide approvals or denials.
Skills you will need:
A strong knowledge of vulnerability scanning tools.
A strong knowledge of security technologies and architecture coupled with network services, vulnerabilities and attacks. Knowledge of IDS/IPS, DNS, DCHP, DMZ architecture, Active Directory, Proxies, Cloud architecture technologies and VPNs to name a few.
Demonstrated experience in the discipline of vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and reporting.
The ability to develop, maintain, and continually improve the vulnerability management platform, processes, and technical assessment support.
An understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls.
Ability to collaborate extensively with engineering teams to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.
Qualifications:
A minimum of 5+ years of direct Information Security experience.
3+ years of direct experience in an Information Security role focused in Vulnerability Management, Incident Response, Threat Intelligence and/or GRC.
Having one or more security or audit certifications such as SANS/GIAC, CISSP, CEH, CISA a plus.
Desirable experience would include: Database and other Query languages such as mySQL and MSSQL, writing advanced SQL scripts and stored procedures, and/or developing in either python, ruby, or other programming languages.
Experience with ServiceNow Security Operations, Vulnerability Response, and GRC modules would be a plus.
Knowledge of common information security standards, such as: ISO 27001/27002, NIST CSF.
