Success Starts Here

As a leading global supplier of wafer fabrication equipment and services to the semiconductor industry, Lam Research develops innovative solutions that help our customers build smaller, faster, and more power-efficient devices.

We are a company comprised of people who work hard, deliver outstanding results and maintain a sense of humor during even the most challenging times. Our success results from our employees' diverse technical and business expertise, which fuels close collaboration and ongoing innovation. We know that our dynamic, global team of exceptional employees is essential to our continued growth.

Join the Lam Research team, where you can play a vital role in the future of electronics and write your own success story.

Information Security Risk Analyst - Vulnerability Management

Date:  Feb 11, 2024

Bangalore, KA, IN, 560071

Req ID:  178306

Job Responsibilities

Job Summary: 

As a Vulnerability Management Analyst at Lam Research, you will play a critical role in execution of Vulnerability Management program. An ideal candidate will be a subject matter expert in the VM Lifecycle Process and Reporting; with an ability to self-start while supporting and improving the overall vulnerability management program for On-Prem infrastructure security, application security and cloud security. The candidate must possess good understanding of tools, techniques, and procedures that modern attackers use and have required understanding of security frameworks and methodologies such as OWASP 10, SANS TOP 25, MITRE ATT&CK. This role requires the ability to work with teams across different time zones, including India, Japan, and the USA. As a Risk Analyst, you will play a crucial role in ensuring information security compliance, mitigating risks, and driving overall security excellence within the organization.

Roles & Responsibilities:

• You will be responsible for providing management and oversight to the internally delivered cybersecurity vulnerability management service. You will own and manage the vulnerability assessment and management program and execute a vulnerability management strategy.
• Design and develop vulnerability mitigation strategy, prioritize identified vulnerabilities, and manage risk associated with vulnerabilities. 
• Classify and prioritize the risk of new vulnerabilities according to the specifics of our unique environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.
• Participate in impact assessments to help define prioritization and proper monitoring coverage. Provide recommendations and technical guidance for the vulnerability management program. Validate scan results, research mitigation methods and retest findings. Demonstrate understanding of infrastructure/cloud vulnerability scanning and configuration.
• Develop automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs.
• Expected to possess strong knowledge of vulnerability management – Triage, Prioritize, Remediate, and security threat modelling.
• Develop relationships with IT teams to resolve aging critical vulnerabilities on assets, establish regular forums with stakeholders to drive remediation of vulnerabilities. 
• Analyze requirements to develop and manage program metrics and performance through reporting. Produce detailed reports and present metrics to key stakeholders in the business. 
• Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
• Maintain oversight of vulnerability reporting communications 

Minimum Qualifications

•    Bachelor’s degree in computer science, Information Technology, Cyber Security, or related discipline
•    7+ years of Cybersecurity experience with a concentration in vulnerability management
•    Understanding of a variety of technical concepts such as Networking, systems administration, application development, and information security practices
•    Knowledge of information security industry and regulatory obligations (ISO 27000-series, NIST Framework, etc.) 
•    Experience with scanning tools such as Microsoft Defender, Tenable, Rapid7 and Qualys and their configurations is preferred.
•    Certified in one of the security certifications like CEH/CISSP/OSCP
•    Experience with data analytics with the ability to provide qualitative analysis and recommendations.
•    Ability to develop strong working relationships with a variety of other enabling teams.
•    Strong attention to detail, data accuracy, and data analysis
•    Self-motivated and operates with a high sense of urgency and a high level of integrity.
•    Ability to automate technical tasks using API or scripting.
•    Strong verbal and written communication skills.


Our Commitment


We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results.

Lam Research ("Lam" or the "Company") is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.

Job Segment: Information Security, Compliance, Computer Science, Information Systems, Technology, Legal, Research