Vulnerability Manager
Avant is dedicated to building premier digital banking solutions for the middle class through a combination of technology, analytics and superior customer service. Since 2012, Avant has connected over 1.5 million customers to over $7.5 billion in loans and 500,000 credit cards. A high-growth financial technology company, Avant has been featured in The Wall Street Journal, The New York Times, TechCrunch, Fortune and Bloomberg, and has raised over $600 million of equity capital. Visit www.avant.com for more information.
A vulnerability management manager is an advanced, hands-on practitioner and representative of the cybersecurity defense team. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. The role also requires an understanding of business and governance processes. Vulnerability management managers are responsible for the overall management lifecycle of the program. They must understand applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs). Additionally, they are expected to maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use.
What you do at Avant:
- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
- Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
- Support internal and external auditors in their duties that focus on compliance and risk reduction.
- Collaborate with security groups such as security operations, data security, and risk and compliance to form a holistic team dedicated to thwarting attackers and reducing attack surface.
- Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
- Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise, or information leakage.
- Define and report key performance indicators (KPIs) and metrics across business units to illustrate the effectiveness of vulnerability management.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Why you are a fit for Avant:
- Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.
- At least 3-5+ years’ experience in information security administration, vulnerability management, security operations, or risk.
- Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open-source tools.
- Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.
- Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
- Experience conducting organization-wide vulnerability scanning and remediation processes.
- Knowledge of one or more compliance standards, including Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO).
- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
Additional Qualifications:
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Self-starter requiring minimal supervision.
- Excellence in communicating business risk and remediation requirements from assessments.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
Why Avant is a fit for you:
At Avant, we believe our values make a difference:
- We value, support, and help each other grow
- We are committed to active inclusion and diversity
- We are transparent and believe the best idea wins
- We succeed when our customers succeed
- We get sh!t done… responsibly
- And we keep it fun!
We believe that ideas are more important than titles, everything is more fun together, everyone drives change, and everyone is an owner. While we believe the perks and benefits that we offer are terrific, nothing excites us more than having the ability to collaborate with intelligent, highly-motivated and talented people on challenging problems as we work to change the face of online lending.
Avant is an equal opportunity employer and individuals seeking employment are considered without regard to race, color, national origin, religion, sex (including pregnancy, sexual orientation or gender identity), age, disability or genetic information or any other factor protected by applicable federal, state or local law, regulation or ordinance.