University of Rochester

Job Information

University of Rochester Sr Vulnerability Mgmt Analyst - 231472 in Rochester, New York

Sr Vulnerability Mgmt Analyst Job ID 231472

Location: Central Administration
Full/Part Time: Full-Time
Regular/Temporary: Regular

Opening

Full Time 40 hours Grade 054 University IT / IS


8 AM-5 PM



The Senior Vulnerability Management Analyst conducts assessments of systems and networks to detect threats and vulnerabilities; determines acceptable deviations from standard configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. The Senior Vulnerability Management Analyst measures the effectiveness of defense-in-depth architecture against known vulnerabilities and assists with the reporting and communication of risks to stakeholders throughout the organization.


Performs technical and nontechnical risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

Organizes data and runs reports using deployed security tools that identify technical and procedural findings, and provides recommended remediation strategies/solutions.

Consults with customers to assess needs and makes recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Provides information and assessments for the purposes of informing leadership and customers, developing and refining objectives, supporting operation planning and execution, and assessing the effects of operations.

Suggests solutions to reduce waste or inefficiencies in operations.

Maintains knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.

Provides current intelligence support to critical internal/external stakeholders as appropriate.

Maintains vulnerability management toolkit (e.g., vulnerability scanner software and hardware).

Identifies collection gaps and potential collections strategies for targets.

Conducts and/or supports authorized penetration testing on enterprise network assets.

Other duties as assigned.


Minimum Education Required

  • Bachelor's degree in related discipline such as Computer Science, Business, Mathematics, Statistics, Science or Engineering

Experience Required

  • 3-4 years of related experience;

  • Supervisory experience;

  • Or equivalent combination of education and experience

Knowledge, Skills & Abilities Required

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

Knowledge, Skills & Abilities Preferred

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

  • Excellent verbal and written communication skills. Demonstrated attention to detail.

  • Ability to work under pressure and handle multiple priorities simultaneously.

  • Knowledge of cyber threats and security vulnerabilities.

  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).

  • Knowledge of cybersecurity and privacy principles and requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

  • Knowledge of system and application security threats and vulnerabilities.

How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled