U.S. Financial Technology (U.S. FinTech) is seeking an experienced Lead, Security Engineer Vulnerability and Configuration Management to join their team of talented professionals. The role involves acting as a Subject Matter Expert for vulnerability assessments, collaborating with IT and DevOps teams, and mentoring junior analysts while ensuring compliance with security policies and best practices.
Responsibilities:
- Vulnerability Assessment
- Act as a Subject Matter Expert for the VCM program, processes, and tooling
- Configure, tune, and maintain vulnerability management tools
- Work with Security Architecture on new build outs, new business, new technologies, and new environments to ensure coverage of VCM programs, processes, and tooling
- Build out new Security baselines for CIS, DISA STIG, and custom baselines
- Correlate vulnerabilities with threat intelligence to assess exploitability and risk. Work with the Cyber Security Operations Center to ensure mitigations are in place while vulnerabilities are being remediated
- Provide detailed risk assessments for discovered vulnerabilities
- Enforce remediation timelines in accordance with Standard Operating Procedures
- Remediation Tracking & Reporting
- Collaborate with IT and DevOps teams to ensure timely remediation of vulnerabilities
- Conduct regular and ad-hoc vulnerability scans using tools like Wiz or Tenable
- Integrate tools with all cloud environments. Ensure complete coverage of all IT environments
- Ensure alignment with internal security policies, regulatory requirements (NIST/SOC), and industry best practices
- Support audits and assessments by providing evidence and documentation
- Act as a liaison between security, IT, development, and risk teams
- Provide clear, actionable recommendations tailored to technical and non-technical audiences
- Provide guidance and training to junior members of the VCM team
- Identify potential gaps in the vulnerability or compliance management programs and propose improvements
- Develop and maintain Standard Operating Procedures, Frameworks, and Job Aids/HowTos
Requirements:
- Bachelor's Degree or equivalent required. BA/BS degree in Computer Science, Information Systems, Cyber Security or a related technical field
- Minimum of 7 years of experience with security engineering and operations, as well as experience managing and supporting large, complex mission-critical systems and with Vulnerability management tools, patching processes and tools, VM operation/workflow, or configuration/Baseline/File-integrity monitoring applications and processes
- Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future
- Subject matter expert in cloud-based critical infrastructure systems and security threats for these systems (AWS Cloud experience required)
- Subject matter expert with cyber security in the domains of vulnerability and compliance management
- Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, understanding of attacks, and determination of countermeasures
- Subject matter expert of network and system vulnerabilities, malware, networking protocols, multi-tiered applications, and attack methods to exploit vulnerabilities
- Experience in senior technical security role, including network security, operating system security, Internet or Web security, and vulnerability testing
- Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis, network engineering, and local and wide area (LAN/WAN) technologies and topologies
- Must have experience conducting comprehensive vulnerability assessments with vulnerability monitoring tools (Wiz and Tenable)
- General knowledge and experience in Windows / Linux Operating Systems, baseline security configurations, audit, forensics, Patch Management for these OSs
- Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials
- Ability to work in a fast-paced environment with occasional on-call activities
- Excellent interpersonal skills, presentation skills, and verbal / written communication skills
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Ability to manage multiple priorities – projects, deliverables, and stakeholders
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
- Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies
- Master's Degree is a plus
- AWS Security, AWS Architect certifications desired