Job Title: Vulnerability Management Engineer I
Reports to: Threat and Vulnerability Management Lead
Job Location: San Diego, CA, USA
Job Status: Exempt
About SHEIN
SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from global network of vendors, all at affordable prices. Headquartered in Singapore, SHEIN remains committed to making the beauty of fashion accessible to all, promoting its industry-leading, on demand production methodology, for a smarter, future-ready industry. Founded in 2012, SHEIN has more than 16,000 employees operating from offices around the world, and continues to expand operations globally. Join SHEIN and be the future!
Position Summary
SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN’s global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.
We're seeking a full-time Vulnerability Management Engineer I for our San Diego-based office hub, who will be responsible for performing assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
The Vulnerability Management Engineer will help to ensure all production security controls and technologies operate in compliance with all established polices and SLAs, across all aspects of the security operating framework.
The engineer should have a solid technical understanding of application, host and network security practices, as well as TVM core knowledge, skills and abilities. Must be familiar with security industry standards and best practices, and must be able to effectively work with development, engineering and operational counterparts, across a broad deeply technical environment in all security areas common within an e-commerce and technology industry.
Job Responsibilities
- Conduct vulnerability scans using enterprise vulnerability scanners, analyze generated reports, and validate potential findings.
- Track and provide metrics and insights on vulnerabilities and remediation.
- Provide technical assistance to owners of the impacted systems and applications to prioritize remediation and/or mitigation of vulnerabilities.
- Implement and utilize automation to improve processes.
- Gather and assess vulnerability and threat information from various internal and external sources.
- Generate and manage asset inventory reports.
- Ensure organization adheres to vulnerability management processes and standards.
- Support, maintain and integrate the vulnerability management solutions with other cybersecurity and ticketing technologies.
- Other duties as assigned.
- Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.
- Demonstrates continuous effort to improve operational performance, streamline work processes and work cooperatively and provide quality seamless customer service.
Job Requirements
- Possess a Bachelor’s degree or higher in the field of engineering, computer science or equivalent advance technology field of study. Equivalent professional experience may be substituted in lieu of education.
- Relevant cyber security certifications, such as CISSP and GIAC are highly desired.
- 1+ years of hands-on Information Security experience within a large enterprise.
- Comprehensive understanding of Vulnerability Management capabilities and functions.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of how traffic flows across the network and OSI model.
- Experience with vulnerability scanning technologies, e.g. Tenable, Rapid7, Qualys.
- Experience with penetration testing principles, tools, and techniques.
- Experience using enterprise ticketing technologies, e.g. ServiceNow.
- Knowledge and experience in validating and triaging vulnerabilities.
- Assertive, proactive attitude to assist with and solve challenging issues.
- Stays current with new and existing vulnerabilities, threat intelligence and related news.
- Experience with languages like Python, Powershell, GoLang, or others.
- Ability to participate in cross functional teams, including global remote resources.
- Must possess the ability to understand new concepts quickly and apply them in an evolving environment while contributing to the development of new processes.
- Ability to work independently or in a team environment is essential as is the ability to work extended hours as required.
- High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity
- Must be able to support on-call, escalation and high-paced/ fast tempo operating environment.
Pay
$92,000.00 min. - $148,700.00 max annually. Bonus & RSU offered.
Benefits and Perks
- Healthcare (medical, dental, vision, prescription drugs)
- Health Savings Account with Employer Funding
- Flexible Spending Accounts (Healthcare and Dependent care)
- Company-Paid Basic Life/AD&D insurance
- Company-Paid Short-Term and Long-Term Disability
- Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
- Employee Assistance Program
- Business Travel Accident Insurance
- 401(k) Savings Plan with discretionary company match and access to a financial advisor
- Vacation, paid holidays, floating holiday and sick days
- Employee discounts
- Free weekly catered lunch
- Dog-friendly office (available at select locations)
- Free gym access (available at select locations)
- Free swag giveaways
- Annual Holiday Party
- Invitations to pop-ups and other company events
- Complimentary daily office snacks and beverages
SHEIN Technology LLC is an equal opportunity employer committed to a diverse workplace environment.
