Company Overview
We deliver reliable and accessible power to over 10 million people and businesses in NYC and Westchester. Committed to a net-zero economy by 2050, we are actively transitioning from fossil fuels through collaboration and investments in new technologies and infrastructure, ensuring an affordable, equitable, and environmentally just clean energy future.
About the Job
Join Con Edison as a System Analyst – Vulnerability Management and take a lead role in our application security efforts. You will drive vulnerability management responses, optimize security workflows, and conduct application vulnerability scans using industry-standard tools. Your responsibilities include assessing and prioritizing risks, collaborating with application teams on security practices, and communicating findings to stakeholders. You’ll also contribute to the development of security policies, stay updated on cybersecurity trends, and ensure timely remediation of vulnerabilities. If you are passionate about application security and eager to make a tangible impact, we encourage you to apply.
Responsibilities:
- Lead vulnerability management response activities.
- Continuously improve application security workflows (scanning, assessment, prioritization, remediation).
- Develop and maintain vulnerability management documentation (policies, procedures, runbooks).
- Configure and execute application vulnerability scans.
- Coordinate with application teams on security practices and provide technical guidance.
- Stay informed about cybersecurity news and emerging threats.
- Assess and prioritize vulnerabilities based on impact and risk.
- Communicate vulnerability statuses and risks to stakeholders and leadership.
- Coordinate vulnerability remediation efforts, offering technical support.
- Ensure timely escalation of critical vulnerabilities.
- Monitor application security trends and recommend risk mitigation strategies.
- Validate vulnerability remediation efforts.
- Collect, analyze, and report on vulnerability metrics using dashboards.
- Continuously enhance technical assessment skills.
- Present findings to executive-level stakeholders.
- Conduct training on application security and vulnerability management best practices.
- Serve as a technical expert for junior team members.
Qualifications:
- Required Education/Experience:
- Bachelor’s Degree with 2+ years of cybersecurity, application development, or related IT experience OR
- Associate’s Degree with 4+ years of relevant experience OR
- High School Diploma/GED with 5+ years of relevant experience.
- Relevant Work Experience:
- Previous IT or cybersecurity experience required.
- Knowledge of cybersecurity tools required.
- Understanding of standard IT policies (incident, problem, change management) required.
- Understanding of OWASP Top 10 required.
- Proficiency in reading common web languages (JS, C#, Angular, .NET) preferred.
- Familiarity with secure coding practices and vulnerability triaging preferred.
- Experience with application scanning (DAST, CAST) and vulnerability risk assessments preferred.
- Familiarity with Microsoft Azure or other cloud providers in application development preferred.
- Familiarity with API security testing and vulnerabilities preferred.
- Ability to be agile and work in a fast-paced environment.
- Highly organized and detail-oriented.
- Strong analytical and impact analysis skills.
- Ability to manage multiple priorities effectively.
- Knowledge of data/business intelligence tools (e.g., PowerBI) preferred.
- Skills and Abilities:
- Strong verbal and written communication skills.
- Demonstrated analytical skills.
- Proficiency in Microsoft Office Suite.
- Licenses and Certifications:
- Driver’s License Required.
- Additional Physical Demands:
- Must be able to respond to Company emergencies.
- Must be able and willing to travel within the service territory.
- Must be available 24/7, on call, and participate in off-hour emergency response as needed.