Lead Security Engineer - Vulnerability Management
- Drive vulnerability patching, accountability, and security hygiene across the enterprise
- Author clear, authoritative responses to vulnerability queries
- Provide guidance to teams regarding the impact of security issues
- Define and track KPIs to measure vulnerability trends, and report on success from both a business and technology perspective
- Conduct reviews and recommend layered defenses to prevent exploits, detect and disrupt attacks
- Implement and refine processes, capabilities, and techniques for vulnerability management and security testing
- Assist compliance and risk management activities, recommending security controls and corrective actions to mitigate risks
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners, and assist teams with properly mitigating and remediating issues
- Collaborate with appropriate internal teams to refine penetration testing methods and breadth of security services
- Experienced in vulnerability assessment and penetration testing.
- Experience managing vulnerability management and security testing for cloud services
- Expert knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
- Expert knowledge of system, application, and database hardening techniques and practices.
- Expert knowledge of Internet security and networking protocols.
- Experience with software development and proficiency in a scripting language (Python/Ruby)
- Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
- Self-motivated, team player, and detail-oriented.
- Excellent written and verbal communications.
- Hands-on experience with ticketing systems (e.g. Jira/ServiceNow), vulnerability scanners (e.g. Nessus/Qualys), visualization (e.g. Looker/Tableau), and risk management platforms (e.g. Kenna/Resolver)
- Ideally CISSP / CISM / GSEC certified or equivalent experience.
- 5+ years of experience in vulnerability assessment and penetration testing.
- Knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
- Strong understanding of vulnerability management and security testing practices and methodologies.
- Knowledge of vulnerability frameworks, application vulnerabilities and network protocols