Primary Tasks and Responsibilities:
Assist in defining, driving, and delivering key elements of vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company.Establish regular and actionable vulnerability reports for review by Leadership and Engineers.Collaborate and build relationships across Engineering teams, driving cross-functional alignment to drive clarity relative to vulnerability remediation requirements.Establish vulnerability review processes, maintaining professional skepticism when reviewing for false positives and exception requests from Engineering teams.Proactively engage Engineering teams to ensure timely remediation of vulnerabilities identified during application security assessments, cloud infrastructure vulnerability scans, and manual application security tests.Ability to use automation tools to write orchestration playbooks to remediate configuration issues/apply patches, etc.Manage day-to-day operations of vulnerability identification and remediation.Be curious about produced services and how cyber risks and vulnerabilities could impact operations.Use prior experience to lead, mentor, and coach peers in effectively managing vulnerabilities.Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services.Continuously review security and privacy practices.Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused.Upkeep of vulnerability management security tooling.Key Qualifications:
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems.5+ years of experience in managing vulnerabilities at a fast-paced cloud hosted environment.Must have prior development experience with Python, .NET, and Java code languages.Experience designing and managing a world-class vulnerability management program.Excellent written and verbal skills.Ability to be a self-starter and motivated to help Engineering teams understand cyber security best practices.Advanced knowledge of SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools.Experience creating and implementing strategies for complex systems.Knowledge and experience with information security controls, infrastructure, and implementation techniques.Preferred Qualifications:
Experience in improving vulnerability remediation requirements.Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations.Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH.Experience in delivering product security in one or more public clouds (Azure, AWS, GCP).Experience in securely operating highly distributed systems with published SLAs.Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2.#J-18808-Ljbffr
