Overview:
The Vulnerability Management Engineer II is responsible for managing the identification, assessment, reporting, and mitigation of infrastructure and cloud vulnerabilities. This role requires a mindset of a defender and the ability to operate in a fast-paced environment, working closely with infrastructure (Network, Firewall, Hypervisors, Servers) and business application teams.
Key Responsibilities:
- Serve in a contributing role that requires frequent interaction with IT and Infosec managers, engineers and developers.
- Provide vulnerability remediation governance and operational support.
- Perform vulnerability metrics reporting for ad-hoc and scheduled metrics report for various KPIs (Key Performance Indicators) around vulnerability management activities.
- Drive and track remediation initiatives across multiple support teams.
- Respond to questions from stakeholders about remediation and vulnerability assessment results and actions.
- Collaborate with support groups/stakeholders on details about identified vulnerabilities.
Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity or other related field, or equivalent work experience.
- 5-8 years of combined IT and security work experience with a broad range of exposure to cybersecurity, systems analysis, application development and/or systems administration.
- 3+ years of vulnerability management experience.
- Proficient in various vulnerability assessment tools such as Qualys, Armis, Microsoft Defender for Endpoint/Cloud.
- Ability to analyze vulnerability metrics using Microsoft Excel advanced techniques.
- Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM), Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OSCP) or other equivalent recognized security certifications.
- Good understanding of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR).
- Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework.
- Excellent communication skills: able to explain complex concepts clearly to both technical and non-technical stakeholders.
Desired Skills:
- Exposure or knowledge of cloud architectures, services, and vulnerabilities.
- Understanding of risk assessment methodologies.
- Proficiency in using vulnerability scanning tools such as Qualys, Armis, MS Defender, etc.
- Ability to interpret vulnerability data from multiple sources.
- Reporting and metrics expertise with platforms such as ServiceNow (SecOps), PowerBI, etc.