
Sr. Information Security Analyst - Vulnerability

Posted April 21, 2021

Marriott International
Bethesda, MD

About This Job


Contributes to workgroups and functions as a technical expert. Assesses, prioritizes, and reports on vulnerabilities and remediation efforts across the enterprise. Reviews and documents internal systems review activities. Contributes to the design and rollout of evaluation and improvement processes to assure the inclusion of appropriate elements of quality and compliance with security policy and regulations. Supports the definition and implementation of the Vulnerability Management Program through the identification and analysis of known and newly found vulnerabilities to determine their operational and security impact. Addresses vulnerabilities found through remediation recommendations, vulnerability alerts, and threat intelligence. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.


 Education and Experience


  • Bachelor’s degree in Computer Sciences or related field or equivalent combination of experience and certification
  • 5 years of information security experience that also includes background and knowledge of general security concepts such as defense in depth, least privilege, etc.
  • 2+ years’ experience with:
    • Vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures, threat assessment, and remediation management
    • Managing or using enterprise vulnerability assessment technologies, including Tenable Security Center or similar vulnerability solutions


  • Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM)
  • Technical leadership experience in a sourced environment
  • Working knowledge of enterprise vulnerability management in a large commercial enterprise
  • Working knowledge of understanding and evaluating risk as it pertains to vulnerabilities, threats, patches, and mitigations
  • Basic project management skills
  • IT infrastructure operations, administration, or engineering background
  • Ability to understand and manipulate large data sets to provide analysis and reporting
  • Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS
  • Excellent communication skills and problem-solving ability
  • Demonstrated ability to work independently and with others


  • Contribute technical expertise to the vulnerability management process, including support of remediation activities
  • Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data
  • Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments
  • Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders
  • Coordinate testing of assets and environments to include penetration testing and security assessments
  • Perform planned and ad-hoc vulnerability scanning, determine remediation options, and track remediation to completion
  • Assist in the direction of third-party vendors' activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities
  • Support PCI assessment activities, including internal assessments and quarterly PCI ASV attestation   
  • Maintain documentation related to assigned vulnerability management activities for use by internal staff and technical stakeholders
  • Identifies opportunities and provides information to educate technology users to continually improve the knowledge and skill-base of the organization on how best to perform patch management and vulnerability management
  • Participates in the evaluation and selection of security services products
  • Assist with the development and implementation of strategies to enhance and mature the vulnerability management program
  • Promotes the benefits of security services to the organization
  • Educates the team on security concepts as appropriate to the position’s areas of responsibility

Technical Leadership

  • Provides technical expertise to other team members and internal stakeholders as appropriate
  • Provides leadership to remediation teams around prioritization involving security-driven workstreams
  • Identifies opportunities to enhance the service delivery processes

IT Governance

  • Follows all defined IT standards and processes (e.g., IT Governance, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
  • Maintains a proper balance between business and operational risk
  • Follows the defined project management standards and processes

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

About this Employer

Marriott International

10400 Fernwood Rd.
Bethesda, MD 20817

(301) 380-3000

Corporate Office

What Does it Mean to Be a Marriott International Associate?

It means feeling the power of belonging. We feel it each and every day. It comes from being recognized. It comes from knowing Marriott International sees talent in each of us. And, it comes from working together, as a family, to make our guests feel as much at home as we do. It's why so many of our associates come for a job, but stay for a career.


  • Marriott's managers and leaders take a personal interest in each associate
  • Marriott offers resources and support so associates have what they need to develop to their full potential
  • Marriott is committed to hiring a diverse workforce and sustaining an inclusive culture


  • A work environment that is a "home away from home" for many associates, where co-workers are also friends
  • Service is what sets Marriott apart with our guests, so Marriott associates are empowered to go the extra mile, do the job right, and deliver exceptional guest experiences
  • Working for Marriott gives associates a sense of pride and dignity, where they are empowered to deliver their personal best, every day, for every guest and each other

What Sets Us Apart?

We believe our strength is rooted in our five core values:

  • Putting people first
  • Pursuing excellence
  • Embracing change
  • Acting with integrity, and
  • Serving our world

These values are our legacy and our future. As we pursue our vision of making Marriott the #1 travel company in the world, we never lose sight of our founding principles and our proud heritage. We are constantly innovating and evolving, but we'll always stay true to who we are, because we believe the way we do business is as important as the business we do.