Clicking on the following button will update the content below

Senior Analyst, Threat & Vulnerability Management
BrandBest Buy

The Threat & Vulnerability Management Program (TVMP) Senior Analyst independently manages team programs, projects, operations, and improvement initiatives in support of managing technical risk at scale across Best Buy. They work closely with IT and business groups to assist in the collection, analysis, and dissemination of vulnerability and configuration risk data. The Senior Analyst ensures that all business requests for service are dealt with promptly and professionally and that services are delivered according to the agreed schedule. They help manage stakeholder expectations and have responsibility for the business's satisfaction with how technical risk is managed.

The TVMP Senior Analyst will train and mentor analysts on systems and standard operating procedures, manage multiple operational scopes of technical risk responsibility, and consistently work to formalize and improve the technical risk management processes. They must have a solid technical security foundation and be agile, quick learners for both processes and technologies to help support TVMP technical assessment tools. The Senior Analyst needs to have a strong understanding of vulnerability and configuration risk identification, the critical business processes of Best Buy, and the systems that support them.

Core Responsibilities
Research / Analytics
• Review data and triage appropriately; understand vulnerabilities and misconfigurations, and make connections to broader potential threats
• Proactively review technical data, interpret results, and form data-driven opinions to make recommendations on risk
• Prioritize risk efficiently and appropriately; challenge assumptions and methodologies
• Work with internal teams to respond to vulnerabilities

• Assist in shaping, tailoring, and delivering final documentation to leaders/clients
• Assist in drafting reporting templates
• Organize reports based on existing data sets; update/maintain the contents of various existing reports or data sets
• Assist with determining which process and workflows should be utilized

• Create or revise process documents/SOPs utilized by internal teams
• Work with, and provide, day-to-day work direction to contingent workers on tasks, SOPs, etc.
• Develop and maintain cross-functional partnerships; build relationships across teams and anticipate client needs
• Build cross-functional capabilities to improve management of secure system configurations

Operations & Process Improvement
• Manage ongoing vulnerability and configuration Health compliance requirements
• Coordinate, execute, and deliver training sessions
• Maintain and organize operating procedure content on internal documentation sites
• Identify and understand potential vulnerabilities, gaps, or opportunities that may exist and communicate to leaders
• Provide recommendations on solutions to fix/close identified gaps

Required Experience
• 2+ years of experience working with vulnerability management and IT patching processes
• 2+ years of experience working with application-level vulnerability management
• 2+ years of experience in information technology, information security, or related fields
• 2+ years of experience with Windows, Linux, Unix, and/or mobile platforms
• 1+ years of experience with information security concepts, network architecture, hardware and software troubleshooting, and vulnerability/configuration management
• Strong written and verbal communication skills

Preferred Experience
• 2+ years of experience in Health-related security, including HIPPA and HITRUST
• 2+ years of experience working with secure systems configuration management
• 2+ years of experience designing or re-engineering business/IT processes
• Experience with cloud-based IT systems and related security risks/controls
• Experience with container-based IT solutions and related security risks/controls

Required Skills
Proficient understanding of:
• Operating systems
• Cloud-based systems
• Computing/networking
• Knowledge / use of security tools including vulnerability scanning tools, configuration monitoring tools, and IT/security workflow management

Auto Req. ID792379BR
Employment CategoryFull Time
Job CategoryEnterprise Risk/Information Security & Compliance
Job LevelIndividual Contributor
Location Number957473-105-Risk & Compliance
Address7601 Penn Avenue South


Clicking on the following button will update the content below