What are the responsibilities and job description for the Cybersecurity Vulnerability Analyst position at Procare Solutions?
About Procare
For over 30 years, Procare Solutions has been dedicated to empowering early childhood educators by providing products and services that enable them to focus on the care, safety and education of children. We recognize the responsibility that comes with nurturing and educating children, which is why our child care management solutions are designed to automate business processes, help ensure safety and compliance, communicate with families and provide educational resources and training to help teachers and children thrive.
Over 40,000 satisfied customers have chosen Procare Solutions as their trusted partner in providing exceptional care for young minds.
A Little About The Role
The Cybersecurity Vulnerability Analyst will report to the Director of Security and Compliance as part of the Corporate cybersecurity team. This role is a matrixed position that will be aligned with the other business groups, including the Technology Infrastructure and Cloud teams, on prioritization and implementation of cybersecurity initiatives across the Procare organization and environments.
The Cybersecurity Vulnerability Analyst is responsible for identifying, assessing, and mitigating security risk within an organization’s technology infrastructure. This role involves leveraging advanced security tools to detect vulnerabilities and threats, ensuring Procare’s systems are protected against potential cyber-attacks.
The Cybersecurity Vulnerability Analyst will verify adherence to corporate, network and cloud security controls and support implementing strategies to ensure that Procare’s applications and platforms are compliant with security standards such as PCI-DSS, PCI-SAQ-D, SOC2 Type II, FERPA, and NIST CSF. The analyst will collaborate with the Compliance and Privacy team, providing required reports for compliance audits. Additionally, this position will participate in on-call rotation for security incidents.
This role is critical in safeguarding an organization’s digital assets and ensuring robust cybersecurity posture through proactive identification and mitigation of security threats and vulnerabilities.
The successful candidate will bring a strong passion for cybersecurity, teamwork and use prior experience, insights, and knowledge to help contribute to Procare’s cybersecurity objectives and directives.
Vulnerability Assessments
What You Will Do
- Utilize tools like Qualys to conduct regular vulnerability scans across Procare’s networks, servers, and applications
- Identify and prioritize vulnerabilities based on risk levels and potential impact
- Employ DAST solutions to monitor and analyze application security, detecting potential threats and vulnerabilities in real-time
- Utilize tools like Veracode to perform static and dynamic application security testing (SAST & DAST) to identify security flaws in software applications
- Collaborate with development teams to remediate identified vulnerabilities in the application code
- Leverage security tools for in-depth testing of all public facing web applications, including identifying issues like SQL injection, Cross-site Scripting (XSS) and other OWASP top 10 vulnerabilities
- Conduct penetration testing to simulate attacks and evaluate the effectiveness of deployed security controls
- Generate detailed reports on identified vulnerabilities and security incidents.
- Work closely with IT and development teams to implement remediation strategies and fix identified issues
- Ensure compliance with industry standards and regulations through regular audits and assessments
vulnerabilities and risks to Procare’s environments and applications
Monitor the threat landscape and advise on emerging security threats, attack vectors and methodology and risk to the organization
Participate in the Cybersecurity Incident Response (CISRT) process, tickets, reports and root cause analysis (RCA)
- Participate in the investigation of and response to security incidents, analyzing the root cause, mitigating the impact, and coordinating the implementation of corrective measures
- Provide accurate and detailed incident reports, security assessments, and other documentation related to security activities
- Work with other groups and teams to ensure effective security measures and incident response
products and environments
- Update monthly security KPI metrics for distribution to the leadership team
Continuously monitor security alerts for suspicious activities or anomalies that may indicate a security incident
Participate in deployment of proactive security monitoring and alerting capabilities
Communicate insight to strategic security initiatives to improve capabilities through automation, process enhancement, and analyst
Identify improvement opportunities and provide recommendations for best practice process improvements and process automation
Validate security standards and benchmarks for hardware and Operating Systems
Administrative tasks as needed
Maintain vendor relationships
- Keep abreast of new features and tooling improvements for continuous program improvement and expansion.
- Work with internal and external auditors during security audits and assessments to ensure compliance
which may include 24x7 on-call support rotation or as needed
Our Ideal Candidate Will Have
BA/BS degree or 3 years of experience in cybersecurity or combination of education and relevant experience
Experience working in an Incident Response/Cybersecurity operations center (in-house or outsourced), creating, escalating, and managing security incidents and creating incident reports
2 years of working with security tools such as vulnerability management solutions like Qualys, Rapid7, Tenable
Strong focus on ensuring accuracy in reporting
- Takes and implements information correction the first time.
CSA, SSCP, CSOP)
Solid understanding of system & security controls on at least two OSes (Windows, Linux / Unix, and MacOS (Advantage)), including host-based forensics and experience with analyzing OS artifacts
Strong understanding of network security concepts, security protocols, and cybersecurity best practices
Experience with security tools and technologies, such as firewalls, intrusion detection / prevention systems, and SIEM systems
Experience with creation of management dashboards for leadership team
Ability to analyze security logs, network traffic, and other data sources to identify security threats
Strong problem-solving and analytical skills
Knowledge of implementation of the AWS architected framework with an emphasis on the security pillar
Strong verbal and written communication skills; ability to drive discussions and influence decision making; strong presentation and reporting skills
Participation in more than one full SOC2 and/or PCI-DSS audit cycle (Advantage)
Experience in Agile development methodologies using JIRA
Prior experience with security tools such as Qualys, Rapid7, Splunk, CrowdStrike Falcon, Nessus, Kali, BurpSuite
Excellent communication and interpersonal skills
Ability to excel in a rapidly changing environment
Ability to multitask high priority projects
Ability to work independently and as part of a team.
Why Procare?
- Excellent comprehensive benefits packages including: medical, dental, & vision plans
- HSA option with employer contributions
- Vacation time, holidays, sick days, volunteer & personal days
- 401K Plan with employer match and immediate vesting
- Employee Stock Purchase Plan
- Employee Discount Program
- Medical, Dependent Care, and Transportation FSA Plans
- Company paid Short and Long-Term disability and Life Insurance
- RTD EcoPass for all Denver employees
- Tuition Reimbursement and continued Professional Development
- Fast paced, high energy workplace environment in prime downtown location
- Regular company provided meals
$100,000-$125,000/year DOE
Location
This position is based in our Denver, CO office. We are currently in a hybrid in-office/remote working model based on business needs.
Salary : $100,000 - $125,000