Job Description

ICON plc is a world-leading healthcare intelligence and clinical research organisation. From molecule to medicine, we advance clinical research providing outsourced services to pharmaceutical, biotechnology, medical device and government and public h

ICON plc is a world-leading healthcare intelligence and clinical research organisation. From molecule to medicine, we advance clinical research providing outsourced services to pharmaceutical, biotechnology, medical device and government and public health organisations. With our patients at the centre of all that we do, we help to accelerate the development of drugs and devices that save lives and improve quality of life. Our people are our greatest strength, are at the core of our culture, and the driving force behind our success. ICON people have a mission to succeed and a passion that ensures what we do, we do well. The Role We are seeking to hire a Senior Vulnerability Management Analyst to join our global Cyber & Information Security team. The Senior Vulnerability Management Analyst is a hands-on practitioner and representative of the vulnerability management practice in the global Cyber & Information Security team. This is a technical role and candidates must possess a solid understanding of information security, applications, operating systems, networking, cloud infrastructure, and basic attacker tactics, techniques, and procedures (TTPs). The vulnerability analyst understands that legacy and present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to compromise. Given that vulnerability management and risk exposure extend across all technical systems enterprise-wide, responsibilities of this position include identifying assets and vulnerabilities, reporting, remediation and continuous assessment. The position must collaborate with other IT, Software Development and Security Operational functions for remediation and additional validation, as well as contribute to other collaborative approaches driven by the Cyber & Information Security team strategy. Responsibilities Work as part of a team to consistently learn and share advanced skills and foster team excellence. Manage vulnerabilities across applications, endpoints, databases, networking devices, mobile and cloud assets. Conduct continuous discovery and vulnerability assessment of enterprise-wide assets. Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation. Support various IT and Application teams in remediation efforts and ensuring that vulnerabilities have been appropriately remediated or managed in a timely manner. Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging. Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds. Collaborate with the IT Security Operations team and wider Information Security teams such as Cyber Risk Management, Security Architecture & Engineering and Cyber Resilience. Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary. Perform other duties as assigned. Requirements Minimum of 4 years experience in information security operations, vulnerability management, and minimum of 4 years experience in IT operations or similar role Bachelor's degree in computer science, information security, or other related program Information security related certification desired (e.g., GEVA, GCED, GPEN, GCIH, or similar professional certification). Understanding of Windows and .nix operating systems, endpoint applications, networking protocols and devices. Experience working with a vulnerability management solution (e.g. Tenable, Rapid7, Qualys) Preferably some experience with vulnerability management across Amazon Web Services (AWS) or Microsoft Azure. Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle. Capable of scripting in Python, Bash, Perl or PowerShell Familiar with the laws, regulations, industry standards and guidance pertaining to Data Protection and Information Security Able to handle moderate problem resolution with general supervision. Analytical and problem-solving mind-set. Must have strong interpersonal, teamwork, self-initiative skills. Benefits of Working in ICON: Our success depends on the quality of our people. That's why we've made it a priority to build a culture that rewards high performance and nurtures talent. We offer very competitive salary packages. And to keep them competitive, we regularly benchmark them against our competitors. Our annual bonuses reflect delivery of performance goals - both ours and yours. We also provide a range of health-related benefits to employees and their families and offer competitive retirement plans - and related benefits such as life assurance - so you can save and plan with confidence for the years ahead. But beyond the competitive salaries and comprehensive benefits, you'll benefit from an environment where you are encouraged to fulfil your sense of purpose and drive lasting change. ICON is an equal opportunity and inclusive employer and is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.