Todays Jobs
Job Role
Job Types
Sector
Aircraft type
AnalystSenior Analyst IT Vulnerability Management
Apply now
Location: Texas
Job type: Permanent
Aircraft type:
Contact:
Sector: IT & Communications
Job Role:
Additional Locations: None
Requisition ID: 20942
Overview
Join us for a career with endless possibilities.
Looking for a job where a passion for innovation, a culture of teamwork, and opportunities for growth are valued and rewarded? You’ve come to the right place.
You don’t have to be an airline aficionado to join American Airlines. It takes more than cool planes to keep us ahead of the curve, and thanks to our team of behind the scenes professionals, we do just that. As the largest airline in the world, American Airlines is in the business of serving the global travel needs of our customers. At the core of the Company is our commitment to each customer and each employee. We are dedicated to developing and delivering what our customers value and are willing to pay for. Customer-centric planning, innovative marketing, and an exceptional customer experience are supported by a cadre of talented people.
What does it take to join us? We’re glad you asked! We expect exceptional skills in your discipline and a dedication to being the best as we relentlessly pursue our goal of being not just the largest airline in the world, but also the best airline in the world.
Fortunately, we’re building on almost a century of innovation and firsts in our industry – and we plan to continue that tradition of excellence.
About The Job
This role drives the Vulnerability Lifecycle Management Process and tracks existing vulnerabilities from discovery to remediation. Reports and metrics and escalations are performed per the Vulnerability Management SOP.
Specifically, you’ll do the following:
* Interfaces with business units and IT stakeholders to identify and understand vulnerabilities, remediation requirements
* Provides and act as point of contact for managing and creating detailed and summarized reports vulnerability (metrics and KPI) and also remediation reports for IT stakeholders and management
* Creates tickets and notifications of vulnerabilities and potential vulnerabilities to IT stakeholders
* Creates and maintain a contact list of all IT stakeholders (IT Assets and Applications) involved in the vulnerability management process
* Builds effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations
* Gains commitment from stakeholders to implement recommended and agreed information security controls
* Maintains direct communication with IT Risk management
* Initiates escalations following the proper chain of command for IT stakeholders when vulnerabilities are not remediated in the allotted Vulnerability Remediation Timeline established in the Information Security Policy
About The Job (Continued)
* Follows up on alerts of new vulnerabilities possibly affecting the IT environment to determine if these vulnerabilities do affect the AA IT environment
* Maintains an up-to-date understanding of emerging cyber threats facing the transportation sector
* Applies new techniques and trends that are in line with overall information security objectives and risk tolerance
* Provides and demonstrates strong leadership, and organizational abilities applied across a large team with diverse skills
* Helps to formulate vulnerability management frameworks and working structures for initiatives associated with infrastructure technology and solution delivery teams
* Develops horizontal view of risk posture across multiple technology domains, lines of business, regions, etc.
* Executes Information Security strategy to proactively identify risk and drive remediation
* Implements security improvements by assessing baseline, evaluating trends, and anticipating requirements.
* Demonstrates ability to identify project stakeholders, plan, and manage stakeholder engagement
* Regularly communicates the progress of initiatives in writing and/or in presentation to senior leadership
* Works with various risk and information security teams in presenting vulnerability management status and updates to technology subject matter experts and management
* Contributes to, interprets and disseminates IS policy, standards, and awareness throughout the business units
* Additional ad-hoc IS & Risk related initiatives and projects
* Leads vulnerability management platform implementation and development/management of schema data model through all data warehouse environments
* Documents all vulnerability management ETL and data warehouse processes and flows
* Follows up on alerts of new vulnerabilities possibly affecting the IT environment to determine if these vulnerabilities do affect the AA IT environment
* Maintains an up-to-date understanding of emerging cyber threats facing the transportation sector
* Applies new techniques and trends that are in line with overall information security objectives and risk tolerance
* Provides and demonstrates strong leadership, and organizational abilities applied across a large team with diverse skills
* Helps to formulate vulnerability management frameworks and working structures for initiatives associated with infrastructure technology and solution delivery teams
* Develops horizontal view of risk posture across multiple technology domains, lines of business, regions, etc.
* Executes Information Security strategy to proactively identify risk and drive remediation
* Implements security improvements by assessing baseline, evaluating trends, and anticipating requirements.
* Demonstrates ability to identify project stakeholders, plan, and manage stakeholder engagement
* Regularly communicates the progress of initiatives in writing and/or in presentation to senior leadership
* Works with various risk and information security teams in presenting vulnerability management status and updates to technology subject matter experts and management
* Contributes to, interprets and disseminates IS policy, standards, and awareness throughout the business units
* Additional ad-hoc IS & Risk related initiatives and projects
* Leads vulnerability management platform implementation and development/management of schema data model through all data warehouse environments
* Documents all vulnerability management ETL and data warehouse processes and flows
Qualifications
Required Qualifications
* Bachelor’s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
* 5 years of Information Techvnology related experience
* 3+ years of Information Security related experience
* 2 years of experience in full lifecycle Operational Data Store (ODS) and Data Warehouse experience in ETL data integration efforts in enterprise-scale programs
* 2 years of experience of relational Oracle DBMS and Microsoft SQL
* 2 years of experience of performance optimization of ETL jobs
* 2 years of experience with SSIS
* 2 years of experience with SSRS
* Vulnerability Lifecycle Management experience
* Detailed Internet, networking, and computer knowledge (Software & Hardware) and common network/system service protocols
Qualifications (Continued)
Preferred Qualifications
* Information Security Certification such as: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT, etc
* Previous experience with Penetration Testing, Dynamic and Static Code Analysis, Incident Response, Change Management, Patching Systems and Programs
* Application coding and scripting via Python, SQL, BASH or PowerShell
* Knowledge of multiple operating systems and applicable system administration skills (Windows, Solaris, Linux)
* Knowledge of client-server applications, Web Servers (IIS, Tomcat, Apache) multi-tier web applications, relational databases, firewalls, VPNs, IPS, IDS and enterprise Anti-Virus products
* Knowledgeable of evolving trends in offensive and defensive cyber tools, tactics, and procedures
* Self-directed, works with minimal guidance, and recognizes when guidance needed
* Ability to effectively communicate both verbally and written with all levels within the organization
* Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
* Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
* Ability to work well within a team environment, as well as independently
Preferred Qualifications
* Information Security Certification such as: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT, etc
* Previous experience with Penetration Testing, Dynamic and Static Code Analysis, Incident Response, Change Management, Patching Systems and Programs
* Application coding and scripting via Python, SQL, BASH or PowerShell
* Knowledge of multiple operating systems and applicable system administration skills (Windows, Solaris, Linux)
* Knowledge of client-server applications, Web Servers (IIS, Tomcat, Apache) multi-tier web applications, relational databases, firewalls, VPNs, IPS, IDS and enterprise Anti-Virus products
* Knowledgeable of evolving trends in offensive and defensive cyber tools, tactics, and procedures
* Self-directed, works with minimal guidance, and recognizes when guidance needed
* Ability to effectively communicate both verbally and written with all levels within the organization
* Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
* Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
* Ability to work well within a team environment, as well as independently
Additional Locations: None
Requisition ID: 20942
Nearest Major Market: Fort Worth
Nearest Secondary Market: Dallas
Job Segment:
Manager, System Administrator, Engineer, Database, Oracle, Management, Engineering, Technology
Apply for this job