Security Vulnerability Metrics

**Job Title**:
**Security Vulnerability Metrics & Data Analyst**

**Job Category**:
Professional

**Department/Group**:
**Attack Surface Management**

**Position Type**:
Full time

**Location**:
Remote, Costa Rica

**Reports to**:
Director Attack Surface Management

Security Vulnerability Metrics & Data Analyst

Description

This role will establish and maintain regional and global reports in support of the Cloud and Application Attack Surface Management scope, embrace and integrate a threat-informed approach, and perform regular analytical reviews for the purpose of enhancing Experian’s Cloud and Application Attack Surface Management with intelligent, prioritized, and actionable transparency.
Functions
- This is an independent role, responsible for driving the development of vulnerability

management metrics, gathering feedback from senior leaders in the organization, and being
able to articulate metrics to senior leaders
- Evaluate and define functional requirements for vulnerabilities, flaws and misconfigurations

metrics
- Understand the end-to-end Cloud and Attack Surface Management metrics process

including metrics collection, tracking and reporting.
- Develop, maintain, and run advance reporting, dashboards, scorecard and analytical results
- Communicate metrics to system owners and business partners on outstanding

vulnerabilities, issues, and concerns.
- Develop and automate vulnerability metrics with specific procedures for data collection,

analysis and charting, partnering with necessary teams as appropriate.
- Determines requirements for technical solutions and tools to effectively implement

Vulnerability Metrics
- Maps metrics back to strategic objectives for providing insight into the effectiveness and

efficiency of Cloud and Attack Surface Management
- Develops vulnerability KPIs/metrics to demonstrate coverage and remediation effectiveness
- Develops program efficacy metrics to support platform stability and improvements.
- Review business and internal requests for new or vulnerability management reporting,

design the solution and develop metrics.
- Work with stakeholders to identify risk-based vulnerability management metrics that align with the security program and security risk management.
- Develop procedures to structure the metrics and reporting framework as part of a long-term strategy.
- Produce timely scoping documents outlining the requirements for business requests.
- Provide actionable recommendations to critical stakeholders based on data analysis and findings related to vulnerability management processes requiring reporting.
- Aggregating vulnerability data across technologies such as endpoints, servers, network equipment, and cloud and interpreting and presenting risk.

Position Requirements
Formal Education & Certification
- Four-year college diploma or university degree in computer science or computer

engineering, and/or 5 years equivalent work experience.
Knowledge & Experience
- 5+ related experience in Cyber Security/Information Security and Vulnerability

Management reporting.
- Experienced in tools like SQL, Tableau, MS Excel etc.
- Experienced with collaboration tools such as JIRA, ServiceNow, Confluence etc.
- Understanding of end-to-end security metrics process including metrics collection,

tracking and reporting, including ownership and responsibilities for each activity.
- Understanding of Common Vulnerability Scoring System (CVSS), including calculations.

and implications of base, temporal, and environmental scoring factors.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data

from various sources for the purposes of detailing results and analyzing findings to
provide sophisticated threat intelligence.
- Familiarity with architecture, engineering, and operations of one or more vulnerability

management tools, such as Wiz, Qualys, Rapid7 and ServiceNow.
- Ability to provide creative solutions to complex problems.
- Ability to clearly communicate risk of vulnerabilities to all levels within an organization.
- Knowledge of major cloud platforms (AWS, Azure, or GCP).
- Ability to manage, organize, analyze, and present substantial amounts of data
- Experience with large scale and complex environments.
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies.
- Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management and security and controls.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner.

Personal Attributes
- Excellent interpersonal skills and strong verbal and written communication.
- Proactive attitude, seeking for improvement opportunities which can positively impact the security posture and the business.
- Outstanding writing and documentation skills.
- Strong organizational skills with proven ability to manage mu