"Alerted.org

Job Description

Collaborate with the Information Security team and IT, OT, and asset owners to reduce cyber risk by identifying, prioritizing, and remediating vulnerabilities across the Cooperative’s IT and Operational Technology (OT) environments, including manufacturing systems, industrial control systems (ICS), and plant networks.

Job Duties and Responsibilities:

+ Own day-to-day execution and continuous improvement of the Vulnerability Threat Management (VTM) program

+ Identify, analyze, prioritize, and track vulnerabilities across endpoints, servers, network devices, cloud workloads, Webservers and OT/manufacturing assets

+ Analyze vulnerability data in the context of exploitability, asset criticality, business impact, and OT safety and availability constraints

+ Coordinate remediation efforts with IT infrastructure, application owners, plant engineers, and operations teams, ensuring clear ownership and tracking

+ Apply risk-based vulnerability management in environments where patching may be constrained by uptime, safety, regulatory, or vendor limitations

+ Develop and maintain vulnerability dashboards, KPIs, and executive-level metrics to measure risk reduction and remediation effectiveness

+ Ensure vulnerability management processes align with internal security standards, policies, and risk management practices

+ Evaluate and continuously improve vulnerability management tooling, scanning coverage, asset visibility, and data quality

+ Collaborate with cross-functional teams to promote secure configuration, patching best practices, and sustainable risk reduction

+ Identify and implement automation opportunities to improve remediation efficiency, workflow integration, and reporting accuracy

+ The requirements herein are intended to describe the general nature and level of work performed by employee, but is not a complete list of responsibilities, duties, and skills required. Other duties may be assigned.

Requirements

Minimum Requirements:

_Education and Experience_

+ Bachelor’s degree in information technology, Computer Science or related field preferred, or equivalent combination of education, certifications, and hands-on vulnerability management experience may be considered in lieu of a degree

+ 3 or more years’ experience with a strong focus on vulnerability management, specifically experience:

+ managing the full vulnerability lifecycle

+ interpreting vulnerability data using CVEs, CVSS, exploitability, and threat intelligence

+ coordinating remediation across infrastructure, endpoint, network, application, and cloud teams

+ developing and maintaining vulnerability metrics, dashboards, and executive-level reporting

+ aligning vulnerability management activities with security frameworks such as NIST-800-53

+ supporting enterprise vulnerability scanning platforms

+ managing external service providers

+ working with Operation Technology devices in manufacturing

+ implementing and managing enterprise vulnerability scanning platforms

+ integrating vulnerability management with ticketing, workflow, or ITSM platforms

+ leveraging Microsoft Defender for Endpoint for vulnerability and exposure management

+ working in the Dairy, Food and Beverage or Consumer Products industry

+ Exposure to OT, ICS, or manufacturing environments preferred

_Knowledge, Skills, and Abilities_

+ Vulnerability lifecycle management: discovery, analysis, prioritization, remediation, and risk acceptance

+ Risk-based vulnerability prioritization using CVEs, CVSS, exploitability, and threat intelligence

+ Vulnerability exception handling and compensating control assessment

+ Vulnerability aging, SLA management, and remediation tracking

+ Understanding of secure configuration, patching, and baseline compliance

+ Familiarity with hybrid and cloud environments (Azure, AWS, or equivalent)

+ Knowledge of endpoint and server hardening best practices

+ Skill in critical thinking, analysis, mathematical calculations, and statistical evaluations

+ Able to translate technical vulnerabilities into business and operational risk

+ Able to communicate clearly and effectively, both verbally and in writing

+ Able to apply technology solutions to business problems

+ Able to work with accuracy and attention to detail

+ Able to work in collaboration effectively and foster good teamwork

+ Able to present ideas using language that is relatable to business and end-users

+ Able to consider impact of actions and decisions on employees, coworkers, and customers

+ Able to multi-task and problem solve

+ Able to work independently and as part of a team

+ Able to prioritize and meet deadlines

+ Able to promote a team environment

+ Able to present to diverse audiences from front line team members to senior management

+ Able to perform task and duties without constant supervision

+ Able to read, write, and speak English

An Equal Opportunity Employer including Disabled/Veterans