Infor

The FedRAMP Sr Security Analyst will be joining the growing vulnerability management team. The team is responsible for monitoring all environments within Infor and collaborating with departments to implement fixes where vulnerabilities or threats are identified. 

The primary responsibility will be to implement and monitor the effectiveness of the security controls within the Infor Government Solutions (IGS) environment.

Your secondary responsibility will be to support the Vulnerability Management Team and the wider Infor Security Office team efforts.

A Day in The Life Typically Includes:

• Using vulnerability scanning tools to identify vulnerabilities in software, firmware, and systems. Your knowledge of modern exploits and exploitation techniques will be used to mainly research the following areas: Microsoft and Linux platforms, Open Systems platforms, Java, Adobe, Web Applications, Java web app virtualization platforms, Cloud concepts (AWS, Azure), Networking, Databases, and others.
• Call on your demonstratable technical security experience to assess security vulnerabilities (publicly and privately announced) to determine the risk to the environment based on severity and impact to our systems using industry-recognized security risk management methodologies. The audience your work with on a day-to-day basis are very technical, and mainly in the development and operations space.
• Working with department leadership and security leads to design corrective plans, mitigations, and full remediation actions when vulnerabilities have been identified.
• Understand and communicate attack chains to management and other stakeholders.
• Collaborate with infrastructure, application and area leads to test and validate security hotfixes and applied developer-provisioned patches.
• Work with the department leadership team to effect change where required and ensure that weaknesses identified within the environment are logged, tracked, and addressed within the service level agreements as part of our contract with the federal government.
• Communicating and presenting your assessment and recommended remediations to the senior management and supporting the SOC and cyber incident response team in vulnerability discovery tasks during crisis management.

Required skills:

• Operational experience with various Vulnerability Scanning tools, vulnerability management scanning and provide remediation advice.
• Knowledge of NIST 800-53 and ISO 27001 frameworks, SOC1 and 2 Audits.
• Experience with writing, tracking, monitoring, and remediating a Plan of Action & Milestones (POA&M) and the ability to maintain the Authorization to Operate (ATO) a Federal Risk and Authorization Management Program (FedRAMP).
• Demonstrate knowledge of Microsoft and Linux platforms, Open System platform, Virtualization platforms and Databases, and patch management.
• Experience developing and improving KPIs, metrics, and trending for vulnerability management functions.
• Automation experience through programming (Java, Python) and knowledge of Cloud concepts (AWS, Azure).
• Able to interpret Pen Testing results (SAR)

US Remote (Dallas, TX/St. Paul, MN/Alpharetta, GA)