Open-Source Risk Realignment Analyst

Overview

All Openings
https://www.jobshorn.com/company/sohanit-inc/jobs

Description

The Open-Source Risk Realignment Analyst is responsible for helping the Cyber Security Engineering team to assess and realign vulnerabilities in open-source components. Risk realignment involves taking the base score for the vulnerability and analyzing it in the context of the application that will be using the vulnerable component, for example if the base score for the vulnerability is “Critical” but the application is internally facing only, then the risk may be realigned to reflect a “High” or “Medium” severity, depending on the data classification that the application maintains (“Public”, “Internal”, “Confidential” or “Restricted”). The role will be responsible for managing components in open-source tools including JFrog Artifactory and Xray, re-rating vulnerability severity using our published risk realignment process, and managing VITs in Service Now.
In this role you will be a key player in helping the Cyber Security Engineering team enable new process as we move to support business development teams in determining what vulnerabilities need to be addressed with highest urgency.
Responsibilities

Tasks for this role include:

Process open source related requests in service now
Use risk realignment process to calculate adjusted vulnerability severity (process diagram is a published document and base vulnerability scores are available in Artifactory)
Create vulnerability tracking item (VIT) in service now
Create repository in Artifactory and publish vulnerable open source component to the new repo
Close out VITs and remove vulnerable open source component from repo once development team achieves remediation
Required Qualifications

At least 1 years’ experience with exposure to Open Source components and tools
Knowledge of open source vulnerabilities and risk remediation
Comfortable following published process for risk realignment
Comfortable providing remediation advice to developer teams
Experience with DevSecOps, Software Development Life Cycle (SDLC), Agile (Scrum/Kanban)
Excellent communication skills, can navigate organization structures and processes
Preferred Qualifications

Experience with Open Source components, tools and vulnerability management
Experience with JFrog Artifactory and Xray
Experience using Service Now