Who are we?

Help us challenge assumptions, uncover bias, and remove barriers—because progress starts with fresh ideas. You’ll find belonging, purpose, and a team that welcomes you—because when you feel valued, you’re empowered to do your best work.

Job Summary 

The Threat and Vulnerability Management (TVM) Analyst promotes security by identification, assessment, and reporting of security vulnerabilities pertaining to corporate assets to reduce risk of exploitation via prioritized remediation and achievement of service-level agreements (SLAs). These processes involve vulnerability scanning, risk analysis, patch management, and coordinating remediation with multiple internal teams, often across cloud, container, and application environments. Common vulnerability scanner operation, understanding cloud security (e.g., AWS, Azure, GCP, etc.), understanding common software development and software security practices, and ability to navigate compliance frameworks are important skills and knowledge for this role. The TVM Analyst evaluates internal and external vulnerability scanning results, addresses false positives, and produces and disseminates related reporting to TVM stakeholders. Current knowledge of industry standards and best practices in vulnerability management assists the TVM Analyst in contributing to continued improvement of the TVM program. Additionally, this individual works with internal team members to ensure that systems remain functional, secure, and are managed in an efficient and scalable manner. 

 

Responsibilities 

• Configuring and executing scheduled and ad hoc network- and host-based scans using enterprise-grade tooling to identify vulnerabilities within multiple environments

• Developing and enhance scanning strategies to ensure comprehensive scanning coverage across the entire company

• Analyzing vulnerability data to identify trends, patterns, and potential impacts and reporting findings to relevant stakeholders

• Partnering with enterprise-wide stakeholders to understand environmental, compliance, and other factors that may influence prioritization of remediation of vulnerabilities

• Notifying system owners and other vulnerability stakeholders on a periodic basis and assisting in achievement of remediation within established SLAs by asserting formal processes

• Creating, maintaining, and presenting weekly and monthly metrics to stakeholder, management, and executive management audiences

• Maintaining and validating Operating System Baseline Configuration standards that are mapped to standards such as the Center for Internet Security (CIS) Critical Security Controls

• Communicating risks and recommending security controls to stakeholders at all levels

• Assessing exposure to zero-day and other significant vulnerabilities to ensure timely response to threats and risks

 

Qualifications 

• Experience working with a vulnerability scanning platforms (e.g., Nexpose, Nessus, Qualys, etc.)

• Strong technical skills related to operating systems, networks, applications, virtualization, and cloud environments

• Knowledge of security best practices, risk assessment, and vulnerability classification (e.g., CVSS, MITRE ATT&CK, etc.)

• Extensive automation experience using Python, PowerShell, or other common means of automating repeatable work tasks

• Understanding of asset and application management systems and ability to use these systems in a scaled manner to work efficiently

• Experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, and security incident management

• Strong understanding of potential compensating controls related to asset and application vulnerability to assist in prioritization of vulnerability remediation

• Must be a self-starter, self-motivated, and able to work independently with little oversight

• Strong communications skills and the ability to positively influence vulnerability stakeholders

• Bachelor’s degree required, master’s degree preferred

• Degrees and/or Certifications in information security and similar preferred

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability.  If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form.

Equinix is an Equal Employment Opportunity and, in the U.S., an Affirmative Action employer.  All qualified applicants will receive consideration for employment without regard to unlawful consideration of race, color, religion, creed, national or ethnic origin, ancestry, place of birth, citizenship, sex, pregnancy / childbirth or related medical conditions, sexual orientation, gender identity or expression, marital or domestic partnership status, age, veteran or military status, physical or mental disability, medical condition, genetic information, political / organizational affiliation, status as a victim or family member of a victim of crime or abuse, or any other status protected by applicable law. 

We use artificial intelligence in our hiring process. Learn more here.