• Job Description

  Req#: REQ001706

  Technology - Information Security – Vulnerability Threat Management

  100% Remote (working EST)

  About the Team

  The Cyber Defense & Vulnerability Threat Management teams are critical to the strategic foundation for delivery of our products, most notably the secure delivery of our new Digital SAT and AP programs. We are a highly motivated group of cyber security experts who take a proactive approach to ensuring a strong security posture. We partner across the organization to mature our Threat management and Incident Response procedures and are constantly seeking and experimenting with new technologies. We are currently using a variety of cutting-edge tools that provide comprehensive cyber security operations for the College Board’s critical infrastructure in support of the College Board’s mission to connect students to college success and opportunity. College Board is committed to creating an inclusive environment where all team members feel valued, respected, and supported in their work. We welcome individuals from diverse backgrounds and experiences to join our team and contribute to our ongoing success.

  About the Opportunity

  As our Cyber Threat Analyst, you will be integral in evolving, transforming, and executing our Vulnerability & Threat Management (VTM) program which is crucial to College Board’s health and success. You will execute on and support a robust, comprehensive VTM program that spans multiple legacy and future-facing domains. Looking across a vast portfolio of applications, endpoints, on-premises networks, and cloud environments, you will ensure thorough scanning and monitoring of all College Board assets. You will support development of systems and processes to integrate and assess all pertinent data from those scans and external feeds to create efficient action plans needed to maintain the security of College Board data and systems. You will be hands-on, bringing security industry knowledge that evolves with current and emerging threats as well as an ongoing understanding of key business and technological processes. You will manually validate detected vulnerabilities and assist asset owners with remediation efforts. You will work closely with multiple teams, including the Governance, Risk and Compliance Office (GRC), Product Security, Endpoint Engineering, Systems Engineering, Security Architecture and Design, and the Cyber Defense team. Your ability to quicky assess and validate information on threats and vulnerabilities, identify their context, prioritize findings relative to risk, and develop action plans aligned with security best practices, industry compliance requirements, and business demands will be essential. Additionally, you will help others interpret, understand, and apply information security policies and standards to mitigate information security risks.

  In the role, you will:

  • Plan and execute vulnerability and compliance scans across the infrastructure

  • Collaborate with infrastructure and application teams on security vulnerability remediation or patch management validation

  • Manually validate web application and network-based vulnerabilities detected through automated scanning mechanisms

  • Create custom vulnerability scanning templates

  • Understand the organizations tech stack and identify potential threats by monitoring intelligence feeds

  • Identify gaps in organizational security and make recommendations for remediations

  • Triage request for security scans from infrastructure and application teams

  • Develop procedures for the review and assessment of vulnerability scan results

  • Collaborate with high-performing Agile teams and individuals throughout the organization to accomplish goals

  • Track tasks through Jira in an agile environment

  • Analyze vulnerabilities, threats, vulnerability reports, and sharing intelligence

  • Apply strong deductive reasoning, critical thinking, problem solving, and prioritization skills

  • Establish key relationships in the various technology and application development teams

  About You

  You have:

  • 3+ years’ experience in Information Technology/Engineering with at least 1 year of recent experience focused on security

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, remote code execution, cross-site scripting)

  • Experience with security tools like Tenable.VM, Nessus or similar

  • Knowledge of open security standards and projects, including OWASP

  • Experience with Linux system administration and/or vulnerability remediation activities

  • Basic knowledge of network scanning tools (nmap, netcat, telnet, etc.)

  • Strong Cloud Computing knowledge in AWS (EC2 Management, VPC configuration, ACL/SG configuration, Serverless configuration)

  • Excellent verbal and written communication skills with the ability to present technical and security-related concepts to a broad range of technical and non-technical audiences

  • Possesses strong interpersonal and project management skills

  • Ability to identify and analyze potential gaps from large vulnerability data sets

  • Authorization to work in the U.S.

  Additional nice-to-haves:

  • Experience with SOAR platforms and scripting with python is a plus

  • OSCP, GPEN, GWAPT or similar certification is a plus

  • Knowledge of penetration testing principles, tools, and techniques is a plus

  • Knowledge of vulnerability testing tools (Nuclei, Burp Suite, Zap, Cobalt Strike, etc.), custom YAML templates and manual testing is a plus

  About Our Process

  • Application review will begin immediately and will continue until the position is filled

  • While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

  About Our Benefits and Compensation

  College Board offers a competitive benefits and compensation program that attracts top talent looking to make a difference in education. As a self-sustaining non-profit, we believe in compensating employees equitably in relation to each other, their qualifications, their impact, and the relevant market.

  The hiring range for a new employee in this position is $120,000 to $131,000. Your salary will be carefully determined based on your location, relevant experience, the external labor market, and the pay of College Board employees in similar roles. College Board strives to provide our best offer up front based on these criteria.

  Your salary is only one part of all that College Board offers, including but not limited to:

  • A comprehensive package designed to support the well-being of employees and their families and promote education. Our robust benefits package includes health, dental, and vision insurance, generous paid time off, paid parental leave, fertility benefits, pet insurance, tuition assistance, retirement benefits, and more

  • Recognition of exceptional performance through annual bonuses, salary growth over time through market increases, and opportunities for merit raises and promotions based on increased scope of responsibility

  • A job that matters, a team that cares, and a place to learn, innovate and thrive

  You can expect to have transparent conversations about benefits and compensation with our recruiters throughout your application process.

  #LI-MS1

  #LI-REMOTE

• About the company

  The College Board is an American not-for-profit organization that was formed in December 1899 as the College Entrance Examination Board to expand access to higher education.

Notice