1. Vulnerability Scanning
a. Assists System Owners, Server Admins, and IT Managers in identifying vulnerabilities on their systems primarily through the use of vulnerability management software.
b. Ensures that the Vulnerability Management software is scanning all available hosts on AFCU’s network.
c. Ensures that all scans are completed as scheduled following a risk-based approach for type and frequency of scans.
d. Sets up authenticated scans as often as possible.
e. Works with the Asset Tracking Admin to ensure each host on the network with a vulnerability has an owner.
f. Follows up on any incomplete scans.
g. Assists in the troubleshooting and fixing of problems related to vulnerability scans.
h. Assists System Owners and Server Admins with the verification of false positives and adjusts the vulnerability management software scans to omit those.
i. Updates the vulnerability management standards as needed to align with industry best practices.
a. Runs regular reports to determine AFCU’s status in their patching efforts and communicates those findings to the appropriate personnel. For example…
I. Uses outstanding patch trending reports to monitor for anomalies in the vulnerability management effort.
II. Follows up with the appropriate personnel when anomalies are detected; documents the reason for the anomalies and facilitates their resolution.
III. Reports outstanding patch trending reports to SOC Manager, System Owners, Server Admins, and IT Managers on a regular basis to keep them informed on patching status.
IV. Escalates vulnerabilities that are not resolved in a timely manner as per AFCU’s vulnerability management standard.
3. Managing Exceptions
a. Carefully reviews and documents requests for exceptions to the vulnerability management software scans and obtain the necessary approvals for exceptions as per the vulnerability management standard.
b. Updates the vulnerability management software to omit approved exceptions for the regular scans.
c. Periodically reviews exceptions as per the vulnerability management standard.
4. Responsible for related duties as required or assigned.
a. Creates other means for measuring, monitoring, and controlling vulnerabilities and the patching of those vulnerabilities, such as identifies Key Performance (KPI) & Key Risk Indicators (KRIs).
b. Completes special projects as assigned.
c. Assists with security assessments of credit union systems.
d. Assists with the security assessment of various software purchases, external vendors and technology service providers.
e. Supports other IT Department and SOC Department staff as needed.
f. Performs ad-hoc scans as needed.