Key skills
FirewallsLinuxActive DirectoryCommunicationOWASP
About this role
Role Overview
- Deliver vulnerability management as a service, overseeing multiple workstreams while meeting specific service-level (SLA) commitments.
- Manage the full remediation lifecycle by collaborating with infrastructure and application owners on security hot-fixes and patch validation.
- Perform discovery and grouping of network-connected systems to ensure comprehensive scanning across networks, OSs, apps, and databases.
- Conduct regular scans on both production and pre-production deployments to identify flaws before and after release.
- Create remediation reports and dashboards to track vulnerabilities and remediations
- Assist with attestation scan and compliance report
- Analyze vulnerabilities to filter false positives and prioritize remediation based on the actual risk of exploitation.
- Develop remediation action plans and generate tickets for system owners to address identified flaws.
- Speak in-depth on hardening guidelines (NIST, CIS) and implement mitigation factors (Firewalls, IDS/IPS) to reduce risk when patching isn't immediate.
- Analyze new technologies, zero-day threats, and reviews of new technology released by supported vendors to provide mitigation strategies.
- Develop and document Standard Operating Procedures (SOPs) and assist in maintaining automation and scripting tools.
- Support cyber incident response teams with vulnerability discovery and identification during crisis management.
- Mentor, coach, and train other team members while producing educational content like blog posts and vulnerability summary sheets for customers.
- Handle customer escalations regarding technology or remediation issues to ensure successful service delivery.
Requirements
- Demonstrate strong customer service and communication skills, both oral and written with the ability to build relationships at all levels
- Possess experience, and demonstrated success, developing and managing an organizational vulnerability management program
- Demonstrate fundamental knowledge of network vulnerability scanning technologies
- Demonstrate an understanding of Web Application Security vulnerabilities and mitigating defenses
- Possess experience with vulnerability remediation management and patching
- Have knowledge of vulnerability management best practices from NIST, ISO, PCI, OWASP, and CIS
- Possess experience in deploying and operating vulnerability scanning infrastructure, services and solutions
- Leverage fundamental technical skills in the following areas:
- Active Directory
- Windows
- Linux
- Networking
- Are proficient in the use of data manipulation, dashboard and reporting tools
- Have earned industry recognized certifications, such as GEVA, CISSP, CISM, GPEN, GIAC, CISA, etc.
- Possess security consulting or managed services experience
Tech Stack
- Firewalls
- Linux
Benefits
- Medical, dental, vision, and disability insurance
- Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
- Unique professional development benefits with Annual “development dollars” to support our people growth and development
- Wellness contests and monthly educational programs
- 401(K) retirement program