Sr./Security Engineer, "Threat and Vulnerability Management"
Target Salary: $130,000 + bonus (Flexible based on Exp Level)
Bonus 8% - 12%
Hybrid - prefer location in Morgantown WV or Reston, VA Area.
- Providing Vulnerability Management direction and program services execution.
- Owning and maturing vulnerability management programs in local as well as private and public cloud environments.
- Designing and driving strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a mid-size organization
- Perform technical security assessments of applications and infrastructure, as well as secure design & configuration.
- Recommending security standards and best practices for their organization
- Managing the consolidation of large sets of data specific to vulnerabilities to apply accurate risk ranking and prioritization.
- Providing support for network penetration testing
- Leading and delivering Vulnerability Management related reporting and metrics including Key Risk Indicators (KRI’s) as required.
- Driving and overseeing the development of vulnerability management (Playbooks, Run Books)
- Working in a fast-paced and changing environment while handling multiple tasks and directives.
- Performing special projects and other duties as assigned.
Skills and Attributes
- Participate in the creation of enterprise information security and risk management documents (policies, standards, baselines, guidelines, and procedures).
- Hands-on in the trenches experience leading or collaborating with technical and non-technical team members.
- Strong experience in vulnerability management services for complex applications, network systems, operating systems, system hardening and secure configuration frameworks
- Expert in driving vulnerability management reporting and provides guidance to IT teams in patching and solutions to mitigate security threats.
- Experience with vulnerability management tools, such as Tenable Nessus, Rapid7, and others.
- Experience with cloud security vendors, e.g., Google, AWS, Azure, others.
- Experience creating and refining metrics to articulate and measure security program performance.
- Extensive knowledge of computer security architectures and protocols, including firewalls, DMZs, remote access/VPN, wireless LANs, penetration testing, web security, and Windows operating systems, DDoS third party services, other.
- Experience with containers and knowledge of Kubernetes and Docker.
- Must be able to work in a fast-paced and changing environment while handling multiple tasks, priorities, and directives. Capable of working under pressure.
- Strong written and communication and presentation skills. and the ability to effectively relate security-related concepts to a broad range of technical and non-technical staff.
- Perform gap analysis between the current state of technical cybersecurity risk assessments and required criteria. Conduct Technical application risk assessments and vendor risk assessments. Create and maintain Information Security policy exceptions process.
- Serves as the liaison between cyber security, risk management, and information security through cyber risk identification, measurement of potential losses, regulatory needs, mitigation, monitoring, reporting and escalation processes. Ensure cybersecurity risk assessments incorporate End of Life/ End of Vendor Service software/ hardware compliance.
Education & Experience
- Bachelor’s degree in Computer Science, Information Security, or other relevant discipline.
- Minimum 3 years’ experience in working as a threat & vulnerability management expert and developing programs.
- Minimum of 3-5 years’ experience in working in IT Security or like role.
- Demonstrated experience building and managing vulnerability management programs.
- Knowledge of Application Development, Network Engineering, Operating systems (UNIX, Windows), and cloud security.
- CISSP, CISA, CISM, or certifications preferred.