Senior Tax Analyst managing complex fiscal calculations and tax regulations. Conducting audits, ensuring compliance, and providing strategic tax planning with a critical approach.
About the role
- Vulnerability Management Analyst ensuring security posture and mitigating vulnerabilities at MassMutual. Collaborating across teams to enhance organizational security compliance and resilience.
Responsibilities
- Lead the design, implementation, and continuous improvement of the enterprise vulnerability management program.
- Hands on experience using automated scanning tools (e.g., Qualys, Tenable, Rapid7, Wiz) to identify, assess, report, and track vulnerabilities detected on operating systems, databases, network devices, mobile devices, and cloud services.
- Perform advanced vulnerability assessments across on-premises, cloud, containerized, and hybrid environments.
- Analyze vulnerability scan results, prioritize findings based on risk, exploitability, and business impact.
- Integrate threat intelligence and MITRE ATT&CK mapping to contextualize vulnerabilities and enhance prioritization.
- Collaborate with infrastructure and business information security officers (BISO) teams to drive timely remediation and mitigation.
- Identify and recommend compensating controls when immediate remediation is not feasible.
- Develop and maintain metrics and dashboards to report on vulnerability trends, remediation progress, and risk posture.
- Utilize automated compliance tools to assess and validate configuration compliance for operating systems, databases, network devices, and cloud services.
- Partner with IT and engineering teams to remediate configuration drift and ensure continuous compliance.
- Map configuration assurance controls to regulatory frameworks (e.g., NIST, CIS, ISO 27001, PCI-DSS, HIPAA).
- Maintain documentation of configuration standards and exceptions.
- Leverage data analytics to identify trends, anomalies, and risk concentrations across vulnerability and configuration data.
- Build and maintain dashboards and visualizations using tools such as Tableau, etc.
- Present actionable insights to technical and executive stakeholders to support risk-based decision-making.
- Develop scripts and automation workflows to streamline scanning, reporting, and remediation tracking.
- Integrate vulnerability and configuration data into SIEM, GRC, and ticketing systems.
- Provide executive-level reporting and risk analysis to support strategic decision-making.
- Participate in internal and external audits, ensuring evidence of vulnerability and configuration assurance controls.
- Stay current with emerging threats, vulnerabilities, and security technologies.
Requirements
- Bachelor's or master's degree in computer science, Cybersecurity, or related field.
- 8+ years of experience in vulnerability management, configuration assurance, or related security engineering roles.
- Relevant security certifications such as CISSP, CISM, OSCP, GIAC (GSEC, GCIH, GCIA, etc.) from an industry recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.)
- Hands on experience with vulnerability scanning tools and configuration assessment platforms.
- Familiar with advanced vulnerability management techniques such as continuous threat and exposure management and external attack surface management.
- Deep understanding of CVSS, MITRE ATT&CK, threat modeling, and risk-based prioritization.
- Experience implementing and validating compensating controls in enterprise environments.
- Knowledge of cybersecurity concepts and methods including secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies, and architecture.
- Deep understanding of security vulnerabilities, exploits, and mitigation techniques.
- Strong understanding of risk analysis, vulnerability assessment methodologies, and securing baselines.
- Clear understanding of various operating systems (Windows, Unix, etc.,), secure configuration and build images.
- Experience with cloud platforms (AWS, Azure, GCP), container security (Docker, Kubernetes), and security frameworks specific to cloud environment.
- Familiarity with security best practices, regulatory requirements, and industry frameworks (e.g., NIST, ISO, CIS, etc.).
- Strong scripting skills (Python, PowerShell, Bash) for automation and data manipulation.
- Strong knowledge of networking protocols, firewalls, VPNs, and security measures.
- Strong analytical, problem-solving, communication, and technical writing skills.
- Excellent communication skills and ability to influence cross-functional teams.
- Experience working in large, complex environments.
- Ability to manage multiple projects and tasks effectively, with a proactive and detail-oriented approach.
- Able to translate complex technical issues into simple, easy to understand concepts.
Benefits
- Access to mentorship opportunities
- Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups.
- Access to learning content on Degreed and other informational platforms.
- Industry leading pay and benefits.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Analista Fiscal Pleno managing operational tax entries in ERP systems for the financial sector in Belo Horizonte. Working with legislative compliance and tax recovery analysis.
Junior/Semi - Senior Tax Analyst managing operational tax routines and ensuring compliance with tax legislation. Involved in audits and supporting senior management in tax contingencies.
SAP IT Analyst improving SAP systems and processes for healthcare journeys. Expertise in SAP modules and data migration with business process understanding.
Cost Control Analyst ensuring accuracy of invoices against flight operating data and price lists. Collaborating with finance and procurement teams in an exciting aviation environment.
Analyst in Human Services focusing on Research & Business Intelligence with the Region of Peel. Responsible for BI project execution, requirements gathering and stakeholder collaboration.
Junior Academic Analyst focusing on academic processes at YDUQS. Involves managing educational units and supporting institutional relationships.
Senior Analyst ensuring efficiency and reliability of M&E systems at JetBlue. Troubleshooting issues, revising processes, and providing user training while documenting best practices.
Senior Analyst for Agile Reporting at JetBlue enhancing data visualization and metrics for development teams. Collaborating and coaching for continuous improvement in Agile practices.
Analista de Mídia Sênior implementando campanhas e gerenciando relatórios de desempenho na WMS. Trabalhando com estratégias de mídia digital nas principais plataformas com foco em resultados.