Senior Analyst - Attack Surface Management
Apply NowCompany: Best Buy Co, Inc
Location: Minneapolis, MN 55423
Description:
Job Description
The Attack Surface Management (ASM) Senior Analyst independently manages team programs, projects, operations, and improvement initiatives in support of managing technical risk at scale across Best Buy. They work closely with IT and business groups to assist in the collection, analysis, and dissemination of vulnerability and configuration risk data. The Senior Analyst ensures that all business requests for service are dealt with promptly and professionally and that services are delivered according to the agreed schedule. They help manage stakeholder expectations and have responsibility for the business's satisfaction with how technical risk is managed.
The ASM Senior Analyst will train and mentor analysts on systems and standard operating procedures, manage multiple operational scopes of technical risk responsibility, and consistently work to formalize and improve the technical risk management processes. They must have a solid technical security foundation and be agile, quick learners for both processes and technologies to help support ASM technical assessment tools. The Senior Analyst needs to have a strong understanding of vulnerability and configuration risk identification, the critical business processes of Best Buy, and the systems that support them.
This role is hybrid, which means you will be required to work some days on-site at the Best Buy location listed on this posting and some days virtually from home or other non-Best Buy location. The specific work arrangements vary by role and team. The recruiter or hiring manager will provide more details during the hiring process.
Core Responsibilities:
Research / Analytics
Review data and triage appropriately; understand vulnerabilities and misconfigurations, and make connections to broader potential threats
Proactively review technical data, interpret results, and form data-driven opinions to make recommendations on risk
Prioritize risk efficiently and appropriately; challenge assumptions and methodologies
Work with internal teams to respond to vulnerabilities
Documentation
Assist in shaping, tailoring, and delivering final documentation to leaders/clients
Assist in drafting reporting templates
Organize reports based on existing data sets; update/maintain the contents of various existing reports or data sets
Assist with determining which process and workflows should be utilized
Collaboration/Communications
Create or revise process documents/SOPs utilized by internal teams
Work with, and provide, day-to-day work direction to contingent workers on tasks, SOPs, etc.
Develop and maintain cross-functional partnerships; build relationships across teams and anticipate client needs
Build cross-functional capabilities to improve management of secure system configurations
Operations & Process Improvement
Manage ongoing vulnerability and configuration Health compliance requirements
Coordinate, execute, and deliver training sessions
Maintain and organize operating procedure content on internal documentation sites
Identify and understand potential vulnerabilities, gaps, or opportunities that may exist and communicate to leaders
Provide recommendations on solutions to fix/close identified gaps
Basic Qualifications
2+ years of experience working with vulnerability management and IT patching processes
2+ years of experience in information technology, information security, or related fields
2+ years of experience with Windows, Linux, Unix, and/or mobile platforms
1+ years of experience with information security concepts, network architecture, hardware and software troubleshooting, and vulnerability/configuration management
Strong written and verbal communication skills
Preferred Qualifications
2+ years of experience working with application-level vulnerability management
2+ years of experience working with secure systems configuration management
2+ years of experience designing or re-engineering business/IT processes
Experience with cloud-based IT systems and related security risks/controls
Experience with container-based IT solutions and related security risks/controls
What's in it for you
We're committed to helping our people thrive at work and at home. We offer generous benefits that address your total well-being and provide support as you need it, especially at key moments in your life.
Our benefits include:
As part of the Best Buy team, you'll help us fulfill our purpose to enrich lives through technology. We bring that to life every day by humanizing and personalizing tech solutions for every stage of life - in our stores, online, and in customers' homes.
Our culture is built on deeply supporting and valuing our amazing employees who make it all possible. We're committed to being a great place to work, where you can unlock unique career possibilities. Above all, we aim to provide a place where you can bring your full, authentic self to work now and into the future. Tomorrow works here.
Best Buy is an equal opportunity employer.
Benefits
Best Buy offers a range of benefits to support your overall well-being, as outlined in the Benefits Guide. Eligibility may vary.
The Attack Surface Management (ASM) Senior Analyst independently manages team programs, projects, operations, and improvement initiatives in support of managing technical risk at scale across Best Buy. They work closely with IT and business groups to assist in the collection, analysis, and dissemination of vulnerability and configuration risk data. The Senior Analyst ensures that all business requests for service are dealt with promptly and professionally and that services are delivered according to the agreed schedule. They help manage stakeholder expectations and have responsibility for the business's satisfaction with how technical risk is managed.
The ASM Senior Analyst will train and mentor analysts on systems and standard operating procedures, manage multiple operational scopes of technical risk responsibility, and consistently work to formalize and improve the technical risk management processes. They must have a solid technical security foundation and be agile, quick learners for both processes and technologies to help support ASM technical assessment tools. The Senior Analyst needs to have a strong understanding of vulnerability and configuration risk identification, the critical business processes of Best Buy, and the systems that support them.
This role is hybrid, which means you will be required to work some days on-site at the Best Buy location listed on this posting and some days virtually from home or other non-Best Buy location. The specific work arrangements vary by role and team. The recruiter or hiring manager will provide more details during the hiring process.
Core Responsibilities:
Research / Analytics
Review data and triage appropriately; understand vulnerabilities and misconfigurations, and make connections to broader potential threats
Proactively review technical data, interpret results, and form data-driven opinions to make recommendations on risk
Prioritize risk efficiently and appropriately; challenge assumptions and methodologies
Work with internal teams to respond to vulnerabilities
Documentation
Assist in shaping, tailoring, and delivering final documentation to leaders/clients
Assist in drafting reporting templates
Organize reports based on existing data sets; update/maintain the contents of various existing reports or data sets
Assist with determining which process and workflows should be utilized
Collaboration/Communications
Create or revise process documents/SOPs utilized by internal teams
Work with, and provide, day-to-day work direction to contingent workers on tasks, SOPs, etc.
Develop and maintain cross-functional partnerships; build relationships across teams and anticipate client needs
Build cross-functional capabilities to improve management of secure system configurations
Operations & Process Improvement
Manage ongoing vulnerability and configuration Health compliance requirements
Coordinate, execute, and deliver training sessions
Maintain and organize operating procedure content on internal documentation sites
Identify and understand potential vulnerabilities, gaps, or opportunities that may exist and communicate to leaders
Provide recommendations on solutions to fix/close identified gaps
Basic Qualifications
2+ years of experience working with vulnerability management and IT patching processes
2+ years of experience in information technology, information security, or related fields
2+ years of experience with Windows, Linux, Unix, and/or mobile platforms
1+ years of experience with information security concepts, network architecture, hardware and software troubleshooting, and vulnerability/configuration management
Strong written and verbal communication skills
Preferred Qualifications
2+ years of experience working with application-level vulnerability management
2+ years of experience working with secure systems configuration management
2+ years of experience designing or re-engineering business/IT processes
Experience with cloud-based IT systems and related security risks/controls
Experience with container-based IT solutions and related security risks/controls
What's in it for you
We're committed to helping our people thrive at work and at home. We offer generous benefits that address your total well-being and provide support as you need it, especially at key moments in your life.
Our benefits include:
- Competitive pay
- Generous employee discount
- Physical and mental well-being support
As part of the Best Buy team, you'll help us fulfill our purpose to enrich lives through technology. We bring that to life every day by humanizing and personalizing tech solutions for every stage of life - in our stores, online, and in customers' homes.
Our culture is built on deeply supporting and valuing our amazing employees who make it all possible. We're committed to being a great place to work, where you can unlock unique career possibilities. Above all, we aim to provide a place where you can bring your full, authentic self to work now and into the future. Tomorrow works here.
Best Buy is an equal opportunity employer.
Benefits
Best Buy offers a range of benefits to support your overall well-being, as outlined in the Benefits Guide. Eligibility may vary.