Sr. Security Data Strategy Analyst
Location: Chicago – Required to be on-site at least 1 day per week
Job Type: W2 Contract
Schedule: Monday – Friday; 1st shift
Pay Rate: Starting at $78/hourly with optional benefits including PTO, medical insurance, and 401k
Role Overview
This individual contributor role is responsible for architecting and operationalizing the design phase of CNA’s Unified Vulnerability Management and Security Data Lake initiative. The contractor will define the canonical data model, establish data quality and normalization patterns (e.g., Bronze/Silver/Gold), and design integration approaches across scanners, asset sources, and remediation workflows to deliver a unified, normalized view of the vulnerability landscape. The role involves close collaboration with Security Architecture, Vulnerability Management, AppSec, and Enterprise Data teams to evaluate platform options (e.g., Axonius vs. broader data platforms), ensure vendor-agnostic data portability, and prepare the program for 2026 delivery milestones. Additionally, the contractor will guide the development, implementation, communication, and maintenance of a department-wide information security data strategy.
Key Responsibilities:
- Lead the Decision/Design Phase: Produce target-state architecture, integration patterns, and a delivery roadmap aligned with the UVM + Security Data Lake business case.
- Canonical Data Model & Normalization: Define the vulnerability/asset/exposure model and the Bronze ? Silver ? Gold (medallion) approach for ingestion, conformance, and consumption.
- Data Quality & Governance: Establish data quality rules, metrics, SLAs; define controls for lineage, cataloging, and business definitions.
- Tooling Strategy: Evaluate Axonius vs. alternative data platforms; document integration points and trade-offs.
- Inter-Tool Mapping & Ingestion: Design and prototype ingestion/mapping for key systems; define normalization schema and harmonized identifiers.
- Prioritization Methodology: Specify scoring framework combining external severity and internal business risk.
- Workflow & Ticketing Integration: Define integration patterns to ServiceNow for ticket creation, assignment, and status telemetry.
- Standards Alignment: Ensure compliance with CNA Vulnerability Management Standard and Security Architecture guidance.
- Reporting & Consumption: Define flexible reporting for technical and leadership stakeholders; specify certified semantic layers and downstream access.
- Vendor & Platform Due Diligence: Contribute to market scans and evaluations with success criteria and migration considerations.
- Knowledge Transfer: Create a runbook and handoff plan for operations and engineering teams for 2026 delivery stages.
Required Skills:
- Data Architecture & Modeling: Expertise in canonical modeling, medallion/Delta patterns, data contracts, MDM/ER techniques.
- Security Data Domain: Fluency with vulnerability/asset/security datasets and CTEM outcomes.
- Integration & Pipelines: Hands-on experience with ingestion frameworks and schema evolution.
- Governance & Quality: Ability to define data quality rules, lineage, cataloging, and common definitions.
- Workflow/ITSM: Familiarity with ServiceNow data models and ticket orchestration.
- Communication & Influence: Skilled in aligning diverse stakeholders around a unified architecture and phased plan.
Education & Experience:
- Bachelor’s degree in Computer Science or related discipline, or equivalent work experience.
- Minimum of 7 years in data analytics, security vulnerability analysis, remediation management, data architecture, or security data strategy.
Preferred Qualifications:
- Experience in consulting or technical account management.
- Certifications: CISSP, CCSP, PMP, Network+, Security+.
- Experience with platforms like Axonius, ArmorCode, TenableOne, Brinqa, Kenna Security.
- Familiarity with vulnerability and remediation management data analysis.
- Cloud data platform experience (e.g., BigQuery, Power BI, Tableau).