Junior Vulnerability Analyst
Zapponian [noun|employee of Zappos]. You are self-motivated. You think like an entrepreneur, constantly innovating and driving positive change, but more importantly, you consistently deliver mind-boggling results.
Bold [adjective|not afraid of anything]. A role at Zappos is an opportunity to be a part of something different. To go bold. We’re a company that isn’t afraid to take risks and question the status quo. Oh yeah, we like to have fun too.
Perks [noun|the good stuff you get for working hard]. Zappos pays 100% of your medical, dental and vision premiums. Primary care visits, dental exams, eye exams and generic prescriptions are all free. Plus matching 401k, life coaches, orthodontic benefits, and more. And don’t forget, an unlimited 40% Zappos.com discount.
1990s [noun|a decade we love, but no longer live in]. Old school cover letters are so 1990. Want to show us who you really are? Create a video cover letter. A flash mob, a comedic monologue… whatever showcases your passion for Zappos and the work you’d be doing! Videos are not required, but if you create it, we’ll watch it.
Scout [noun|you're a recruiter, too]. As a Zapponian, we’ll ask that you always keep your eye out for great talent to join our family. Consider yourself an extension of the recruiting team, scouting for the best people to grow our company.
The Junior Vulnerability Analyst will be responsible for assisting with the remediation of security issues as they arise in the Zappos.com technical environment. This position assists in helping the organization identify possible issues by maintaining and configuring our scanning devices. Organization of raw finding data will be required to ensure that completeness of information is maintained, as well as making this information easily digestible for other tech teams to drive remediation efforts. This position will be tasked with following up with tech teams to ensure remediation is completed in a timely manner based on risk-scores.
What you’ll be doing:
- Configuring and maintaining our vulnerability scanning solutions.
- Partnering with our internal teams to assist in the remediation and prioritization of vulnerabilities.
- Creation and automation of purple teaming efforts.
- Analyzing new vulnerabilities and assessing impact to Zappos.
- Continuously brief senior leadership on vulnerability metrics.
- Expert level understanding in at least one core area of Information Security
- Strong knowledge of vulnerability scanning tools (Qualys, Nexpose, etc.)
- Strong knowledge of the OSI model and TCP/IP
- Strong knowledge on risk scoring vulnerability issues and their individual severities (CVSS)
- Familiarity with controls and control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, OWASP, ISO, COBIT, etc.)
- An understanding of network design and architecture
- Familiarity with using issue tracking software (Jira)
- Strong deductive reasoning, problem solving, and critical thinking abilities
- 3+ years of experience in a technical information technology role
- Knowledge of AWS and Azure Cloud configurations and how to secure them
- Knowledge of MITRE ATT&CK frameworks
- Relevant security certifications (e.g., GPEN, OSCP, CISA, CISM, CEH, etc.)
- Experience with driving large, company-wide initiatives
- An understanding of regulatory requirements: PCI, SOX, ISO 27002 standard
- Experience with visualization software (Tableau, Qlik, etc.)
- Familiarity with patch management and development of patching protocols for Information Technology systems
- Experience with scripting languages for automation (Python, Unix Shell (bash/ksh), etc.) a plus
Don’t See Your Dream Job?
That’s okay! We are always looking for smart, forward-thinking problem solvers to join our world-class technology team. Leave your information and once we open our next role and you meet what we’re looking for, we’ll reach out to you!
Zappos Tech typically hires for the following positions:
- Product/Program/Project Managers
- Data Scientist/Data Analysts
- Technical Project Managers
- Software Engineers
- Frontend Engineers
- UX Designers
- Mobile Engineers
- Network, Security and System Engineers