SUMMARY:
This position is responsible for tracking security improvements and helping the company apply increasingly stringent security standards. The role requires deep expertise in security standards, threat and vulnerability management, exploitation techniques, and secure development standards. It involves detecting vulnerabilities, assessing their impact on the organization, and communicating risks to stakeholders. This position also manages coordinated disclosure processes, collaborating with external researchers to responsibly report and resolve vulnerabilities.
KEY RESPONSIBILITIES:
- Perform in-depth analysis of vulnerabilities by correlating data from various sources
- Proactively research and monitor security-related information sources for vulnerability discovery
- Assess impact of vulnerabilities on critical systems or data and advise on remediation
- Maintain patch and vulnerability management practices to protect against exploitation
- Manage tracking and remediation of vulnerabilities, obtaining action plans from stakeholders and using ticketing systems
- Research current vulnerabilities and exploits using trusted resources
- Document remediation tasks for application and system owners
- Report findings and remediation recommendations to stakeholders (e.g., executive reports, trends reports)
- Assist system engineering team in configuring and deploying vulnerability scanning and network assessment tools
- Support Incident Detection and Response team in daily operations
- Conduct scans to identify vulnerabilities and ensure security standards compliance
- Coordinate with external researchers and organizations during the disclosure process for responsible reporting and resolution
- Collaborate with teams to implement and utilize automated tools for vulnerability management
- Coordinate with teams to perform regular patching and scanning
Requirements
MINIMUM QUALIFICATIONS:
- Extensive experience in vulnerability management, patch management, and configuration management best practices
- Knowledge of researching vulnerabilities, exploitation techniques, and industry trends/threats
- Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS)
- Experience with vulnerability and compliance scanning tools such as Qualys, Rapid7, or Tenable Nessus
- Ability to interpret security advisories and understand vulnerability exploitation and impact
- Project management experience
- Experience with patching procedures for Linux, Windows, etc
- Ability to self-direct project outcomes and achieve program goals with minimal supervision
- Problem-solving and troubleshooting skills for resolving communication and system issues
PREFERRED QUALIFICATIONS:
- BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems
- Prior experience with coordinated disclosure programs and working with external security researchers
- Desired certifications include CISSP or similar
- Experience implementing scanning architectures
- Familiarity with data analysis and visualization technologies
- Experience managing and tracking vulnerability cases
- Excellent written and oral communication skills