What you'll do...
Position: Risk Expert III
Job Location: 702 SW 8th Street, Bentonville, AR, 72712
Duties: Cyber Risk Management: contribute towards development of cyber risk assessment and/or management techniques to identify security gaps and weaknesses in the business. Designs cyber risk assessments by consolidating insights from the business and various functions. Identifies cyber security risks, threats and vulnerabilities, and their impact on the organization. Identifies possible treatments for cyber risks, threats and vulnerabilities identified. Identifies and propose implementation of endorsed mitigation measures to address security gaps. Risk and Security Governance: independently assess the security compliance of applications and infrastructure components to risk and security standards and baselines. Identifies lapses in organizational risk and security standards or issues that may endanger information security and integrity. Develops specific action plans for different business units based on corporate risk and security policies, standards, and guidelines. Evaluates technologies and tools that can address security gaps and facilitate alignment with risk and security policies. Introduces/participates in the introduction of security controls in alignment with corporate risk and security policies and frameworks. Implements security guidelines and protocols and ensures understanding and compliance. Reviews the adequacy of information security controls. Identifies areas for improvement and proposes solutions or revisions to risk and security guidelines. Security Assessment and Testing: participate in authorized penetration testing of systems using a range of penetration testing methodologies, tools, and techniques. Demonstrates awareness of system components and impacts and contributes to the remediation of identified issues. Uses a suite of network monitoring and vulnerability scanning tools to assess threats and vulnerabilities in systems. Identifies vulnerability exploitations and potential attack vectors in systems. Analyzes vulnerability scan results to size and assess security loopholes and threats. Vulnerability Assessment: independently assess weaknesses identified in threat modeling, secures source code review, and makes recommendations to address/remediate/prevent. Conducts authorized penetration testing of systems using arrange of penetration testing methodologies, tools, and techniques. Uses a suite of network monitoring and vulnerability scanning tools to assess threats and vulnerabilities in a system. Identifies vulnerability exploitations and assists in the implementation of vulnerability prevention and remediation. Proactively analyses vulnerability scan results to size and assess security loopholes and threats. Assesses current security practices and controls against expected performance parameters or guidelines. Communicates and delivers vulnerability assessments and penetration testing reports, highlighting key threats and areas for improving system security. Assesses hacking techniques and attacks posing the greatest risks to organizational systems. Network Security: identify and analyze network security threats and vulnerabilities. Proposes recommendations to address network security deficiencies. Implements perimeter security, network hardening measures and authentication, and user account controls according to identified deficiencies and organizational asset security requirements. Designs and conducts testing to verify the key functions and performance measures of network security. Debugs network security according to test results. Reviews logs and audit reports to record security incidents, intrusions, and attempts. Threat Research, Intelligence & Analysis: conduct searches to identify potential threats and effectively communicate key findings with supervisors and managers. Leverages knowledge of intelligence operations to gather data in support of production of briefings and written activity reports.
Minimum education and experience required: Bachelor's degree or the equivalent in computer science, information technology, engineering, or a related field plus 2 years of experience in cybersecurity risk or related experience OR; 4 years of experience in cybersecurity risk or related experience
Skills Required: Must have experience with: programming in Python and R; using data mining too explore large databases and perform analyses; building data pipelines for optimal Extract, Transform, Load (ETL); leveraging SAS, Tableau, Power BI, Alteryx and SQL to analyze and process data; utilizing applied mathematics to solve problems; designing and utilizing Linear Regression, Logistic Regression, Neural Networks and Classification Tree for machine learning models; using Hadoop to handle big data and analytics jobs; designing and utilizing Statistical Hypothesis tests for machine learning models; cybersecurity engineering; Quantitative analytics; Leveraging statistical modeling to solve business problems. Employer will accept any amount of experience with the required skills.
#LI-DNP #LI-DNI
Wal-Mart is an Equal Opportunity Employer.