Principal Risk Analyst

When you join Verizon

Verizon is one of the world's leading providers of technology and communications services, transforming the way we connect across the globe. We're a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward - and you can too. Dream it. Build it. Do it here.

What you'll be doing...

The Enterprise Vulnerability Management (EVM) organization is concerned with finding all vulnerabilities that exist across all of Verizon's line of businesses and work with system owners to ensure identified vulnerabilities are remediated or mitigated in accordance with EVM Standards and CPI 810.

The Principal Risk Analyst will focus on application layer vulnerabilities identified via various scan technologies with a primary focus on assessing risk and driving remediation efforts for identified Application Programming Interface(API) security vulnerabilities. It is critical that this individual apply a process-driven approach but equally important that they must be able to interact with multiple levels of leadership and build positive, collaborative working relationships across the enterprise.

• Developing API Enterprise Vulnerability Management framework.
• Developing definitions, measurement and reporting on operational and executive level KPI's.
• Assessing Risk Exposure and facilitate work efforts related API vulnerability remediation activities.
• Working with the application teams to perform security design/code reviews and vulnerability assessment.
• Working with and evolving the Security Operations toolsets and reporting to provide better vulnerability insight and create effective communications and reporting.
• Overseeing multi-departmental investigations into vulnerability impact or remediation and provide comprehensive analysis back to leadership.
• Following-up with application owners to ensure remediation efforts are consistent with SLA/policy and perform escalation for noncompliance.
• Presenting to cross-functional stakeholders and Sr. leadership to ensure the awareness of and ongoing success of the vulnerability reporting and management program.
• Mentoring less-experienced peers on advanced tools, techniques, and topics.
• Demonstrating exceptional problem-solving ability, extracting security-related information of interest utilizing large complex datasets.
• Keeping abreast of current cyber security and technology news and trends.
• Evaluating and operationalize new technologies for securing the environment.

Where you'll be working...

In this hybrid role, you will have a defined work location that includes work from home and assigned office days set by your manager.

What we're looking for...

You'll need to have:

• Bachelor's degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience in cyber-security and/or Security Operations.
• Experience in OWASP methodologies, documentation, tools, and technologies in the field of web application security.
• Experience in API Security tools (Crunch42 and Apigee).
• Knowledge of Software Development Life Cycle (SDLC) practices.
• Knowledge of software security frameworks.
• Experience in risk Management (performing assessments, designing controls, managing enterprise control frameworks).

Even better if you have one or more of the following:

• Experience in operating in a vulnerability management program
• Knowledge of security fundamentals and common vulnerabilities.
• Experience in the full stack of information technologies and associated security models - including server/OS, database, hardware, network devices, user compute, application/SDLC, cloud, etc.
• Knowledge of common security frameworks (SOX, NIST, FISMA, etc.)
• Experience in Multi-departmental project/program management.
• Experience in working with cyber security and vulnerability management at a large company.
• Strong analytical problem-solving skills, detail oriented and organized approach, excellent communication skills, and strong interpersonal skills.
• Ability to translate client and program needs into achievable requirements.
• Knowledge of compliance best practices and knowledge in implementing programs for maintaining compliance for a highly regulated business environment.
• Experience in working with a non-IT business segment.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don't meet every "even better" qualification listed above.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.