Vulnerability Manager at Avant
What you do at Avant:
- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
- Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
- Support internal and external auditors in their duties that focus on compliance and risk reduction.
- Collaborate with security groups such as security operations, data security, and risk and compliance to form a holistic team dedicated to thwarting attackers and reducing attack surface.
- Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
- Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise, or information leakage.
- Define and report key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Why you are a fit for Avant:
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- At least 3-5+ years’ experience in information security administration, vulnerability management, security operations, or risk.
- Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source.
- Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.
- Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
- Experience conducting organization-wide vulnerability scanning and remediation processes.
- Knowledge of one or more compliance standards, including Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO).
- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.