Job Summary
As a Vulnerability Management Analyst at Lam Research, you will play a critical role in execution of Vulnerability Management Program. An ideal candidate will be a subject matter expert in the VM Lifecycle Process and Reporting; with an ability to self-start while supporting and improving the overall Vulnerability Management Program for Lam's assets on-prem, or cloud-hosted. The candidate must possess good understanding of tools, techniques, and procedures that modern attackers use and have required understanding of security frameworks and methodologies such as NIST, OWASP 10, SANS TOP 25, MITRE ATT&CK. This role requires the ability to work with teams across different time zones, including in APAC, EMEA, and North America. As a Vulnerability Management Analyst, you will play a crucial role in ensuring information security compliance, mitigating risks, and driving overall security excellence within the organization.
The group you'll be a part of
The Information Security team is dedicated to the success of Lam through providing effective and seamless security controls to help protect the enterprise.
What You'll Do
- You will be responsible for managing and executing day to day operations of our vulnerability management tools including ensuring overall tool health and compliance, scheduling and executing scans, compiling and distributing reports, and tracking findings through resolution. Further, you will be responsible for monitoring threat intelligence feeds and help detect 0-day vulnerabilities and coordinate appropriate and timely response.
- Service ownership will include ongoing understanding of current solution-set and make recommendations on improvements, be that by vendor, capability, configuration, deployment, compliance, process, or other.
- Tool ownership will include ensuring appropriate configuration of the tools, scan sensors placement and compliance, timely scan cadence, appropriate coverage, detecting and highlighting gaps (and propose recommendations to address them), etc.
- Reporting findings to relevant stakeholders will range from regular cadence updates of scheduled scans to proactive critical 0-day related alerts, as well as adhoc scans as necessary.
- Develop relationships with stakeholders both in management and across the business units to help ensure familiarity with processes, expectations from each, and smooth execution of resolutions when vulnerabilities are detected.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of our unique environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Participate in impact assessments to help define prioritization and proper monitoring coverage. Provide recommendations and technical guidance for the vulnerability management program. Validate scan results, research mitigation methods and retest findings. Demonstrate understanding of infrastructure/cloud vulnerability scanning and configuration.
- Develop automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs.
- Analyze requirements to develop and manage program metrics and performance through reporting. Produce detailed reports and present metrics to key stakeholders in the business.
Who We're Looking For
- Experience with scanning tools such as Microsoft Defender, Tenable, Rapid7, Qualys, etc, and their configurations.
- Prior experience in systems or network administration, or understanding of requirements of such roles, including enterprise configurations of these areas.
- Certified in one of the security certifications like CEH/CISSP/OSCP.
- Experience with data analytics with the ability to provide qualitative analysis and recommendations.
- Ability to develop strong working relationships with a variety of other enabling teams.
- Strong attention to detail, data accuracy, and data analysis.
- Self-motivated and operates with a high sense of urgency and a high level of integrity.
- Ability to automate technical tasks using API or scripting.
Strong verbal and written communication skills.
Preferred Qualifications
- Bachelor's degree in computer science, Information Technology, Cyber Security, or 5+ years of Cybersecurity experience with a concentration in vulnerability management.
- Understanding a variety of technical concepts such as Networking, Systems Administration, Application Development, and Information Security practices.
Our commitment
We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results.
Lam Research (Lam or the Company) is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.
Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely and fall into two categories On-site Flex and Virtual Flex. On-site Flex you'll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. Virtual Flex you'll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time. 
