Asset and Vulnerability Analyst
Asset and Vulnerability Analyst
Office of Information Technology
Under the supervision of the Associate Director of Information Security, the Asset and Vulnerability Analyst will be responsible for systems inventory tracking, testing and deployment of all software updates and patches, and vulnerability assessment, reporting, and resolution.
Day-to-day responsibilities include monitoring and managing a variety of systems using active and passive tools. Other responsibilities include developing a knowledge base of currently installed patches and understanding how to test and deploy future patches. The Asset and Vulnerability Analyst will work directly on information security concerns and must be mindful of the impact of patches and updates on system functionality, asset standardization, documentation of changes, and record keeping for auditing purposes.
The Asset and Vulnerability Analyst must have the capability to work closely with team members from the Office of Information Technology, as well as academic and administrative partners throughout the campus. The position requires planning, prioritizing, and organizing a diversified workload.
Essential Job Duties
- Develop an up-to-date inventory of all production systems through a combination of active & passive asset management
- Responsible for third party software, Antivirus solution, OS, and security patching of endpoints (Windows & Macs) Patch management tasks include: maintaining current knowledge of available patches, deciding what patches are appropriate for systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures.
- Performs ad hoc and scheduled patch deployments
- Responsible for standardizing operating systems on endpoints to the same version type
- Thorough testing of patches in a non-Production environment. Must be able to think ahead to avoid business outages based on the lab results.
- Compare reported vulnerabilities against inventory. Provide regular reporting on patch management program and overall operation status of patch compliance
- Performs necessary rollbacks, investigations, and troubleshooting when patch deployments fail or return errors.
- Assist in security, vulnerability, or patch-related incident response activities. Participate in routine audits to record patch levels and create reports to meet compliance.
- Proficiency working with Windows and Mac operating systems.
- Experience installing and configuring computer systems and applications.
- Excellent record management skills.
- Ability to keep up with the latest OS/application updates. Candidate must have a willingness to gain knowledge and skills to improve job performance.
- Knowledge of the following software is a plus: WSUS, PDQ Inventory, PDQ Deploy, Antivirus Software.
- Must be able to work onsite or remotely as needed.
- Moderate physical activity. Requires handling of average-weight objects up to 25 pounds on occasion. Work is normally performed in a typical remote/office work environment setting.
Prerequisites Required for Position
Minimum Education Requirement
- High School Diploma or GED.
Minimum Work Experience
Preferable 1-2 years of experience directly related to the duties and responsibilities specified.
- A+, Security+ certifications preferred but not required.
This is not an exhaustive list of all responsibilities, duties and/or skills required for this position. The University reserves the right to amend and change responsibilities to meet organizational needs.