Job Number 20032824
Job Category Information Technology
Location Marriott International HQ| 10400 Fernwood Road| Bethesda|
Maryland| United States
Position Type Management
Start Your Journey With Us
Marriott International is the world’s largest hotel company| with more brands|
more hotels and more opportunities for associates to grow and succeed. We
believe a great career is a journey of discovery and exploration. So| we ask|
where will your journey take you?
Contributes to workgroups and/or functions as a technical expert. Assesses and
reports on vulnerabilities and remediation efforts across the enterprise.
Reviews and documents internal systems review activities. Contributes to
designs and roll out of evaluation and improvement processes to assure the
inclusion of appropriate elements of quality and compliance with security
policy and regulations. Supports the definition and implementation of the
Information Vulnerability Management (IVM) Program through the identification
and analysis of known and newly found vulnerabilities to determine their
operational and security impact. Address vulnerabilities found through
remediation recommendations| Information Vulnerability Alerts and Information
Vulnerability Bulletins. This task area requires technical knowledge in
computer network theory| IT standards and protocols| as well as an
understanding of the lifecycle of cyberspace threats| attack vectors| and
methods of exploitation.
Education and Experience
Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
5 years of information technology experience that include experience in implementing| managing or governing security technologies| including vulnerability scanning tools (i.e. Retina| Nessus| etc.)
Current information security certification| including Certified Information Security Manager (CISM)| Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Technical leadership experience in a sourced environment
Basic Project management skills
Excellent communication skills and problem solving ability
Demonstrated ability to work independently and with others
Ability to manage the details and compliance with standards and expectations
Technical infrastructure operations| administration| or engineering background
CORE WORK ACTIVITIES
Contributes technical expertise to the information vulnerability management process| including support of the remediation program
Identify and draft mitigation guidance for vulnerabilities with no vendor- provided remediation
Establish communications with vendors for the release of newly identified vulnerabilities to ensure they understand specialized and proprietary asset requirements
Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders
Contribute to daily| weekly| monthly and annual vulnerability metrics associated with affected and non-compliant assets
Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated information to report vulnerability mitigation and remediation progress
Identify| analyze| and develop mitigation or remediation actions for system and network vulnerabilities
Assist with the prioritization of newly identified software/hardware vulnerabilities based upon severity| potential operational impact| exploitation| and other factors to assess risk to Marriott assets
Conduct open source research to identify and analyze known and unknown vulnerabilities
Analyze known issues with vendor provided fixes and contact the appropriate vendor for a defined and attainable solution
Perform planned and ad-hoc infrastructure vulnerability scanning| determine remediation options and track remediation to completion.
Evaluate and test hardware| firmware and software for possible impact on system security| and the investigation and resolution of security risk and incidents. Assist with vulnerability exceptions.
Initiate and evaluate vulnerability scans for operational readiness and validate if vulnerabilities are false positives based on the Operating system and/or and application configuration.
Maintain process documentation for Patch Management.
Assess| maintain| and distribute security patch deployment ratings for Microsoft| Linux| Unix| and HPUX patch releases.
Works with IT Infrastructure partners regarding major system changes to ensure information security standards are addressed early in a project’s life and incorporated into the resulting program
Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to operate and support the infrastructure services
Participates in the evaluation and selection of security services products
Supports governance based on best practices and ensures proper alignment to projects and major initiatives
Conducts analysis of the current environment to detect critical deficiencies and recommends solutions for improvement
Conducts analysis of technology industry and market trends to determine their potential impact on the infrastructure architecture
Promotes the benefits of security services to the organization and educates the team on security concepts
Identifies opportunities to enhance the service delivery processes
Follows all defined IT standards and processes (i.e. IT Governance| SM&G| Architecture| etc.)| and provides input for improvements to the appropriate process owners as needed
Maintains a proper balance between business and operational risk
Follows the defined project management standards and processes