Vacancy expired!
- Act as the subject matter expert and provide recommendations with technical guidance for the vulnerability management lifecycle
- Inform, advise, and partner with our clients to research, develop and implement a secure and efficient architecture to discover and remediate vulnerabilities
- Help clients to create effective solutions to safely patch infrastructure at scale, including assisting with automated deployment
- Create and evolve a risk prioritization framework that accounts for multiple factors including vulnerability severity, system function, and network accessibility.
- Utilize tools and analytical skills to investigate the root cause of issues across the technologies.
- Advise clients regarding remediation of vulnerability, configuration, other security deficiencies and to mature their understanding of security tools.
- Review new cloud technologies and products for security implications and risks for our clients
- Develop playbooks, runbooks, troubleshoot technical issues, and recognize and identify security risks and patterns for our clients
- Develop functional and design specifications for client work products
- Provide architectural security guidance building cloud infrastructure in compliance with industry standards (i.e., PCI-DSS, ISO, SSAE/SOC, etc.)
- Act as an advocate for security and the team in all tasks and client engagements, not just vulnerability management specific.
- Participate in incident response activities as needed.
- Implement and operationalize advanced Vulnerability Management reporting tools.
- Maintain awareness of emerging trends and changes that pose risk and threats in the Cybersecurity industry
- Capable of managing and acting as lead consultant for a small delivery team of junior level cloud security engineers, or acting independently
- 5+ years hands-on experience in vulnerability management/penetration testing
- Experience managing the entire vulnerability lifecycle from discovery, triage, remediation, and validation
- Experience conducting organization-wide vulnerability scanning and remediation processes
- Experience hardening system images according to industry baselines, such as CIS Benchmarks
- Experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
- Experience with cloud security posture management tools (e.g. Prisma, Orca Security, ZScaler CSPM, etc.) and remediating vulnerabilities and misconfigurations in cloud environments
- Create process automation including scripting and API integrations
- Strong understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
- Experience utilizing SOAR tools
- Have a strong, practical understanding of modern cloud IT infrastructure, networking, and security engineering concepts
- Experience with image life cycle management and integrating into vulnerability management solutions
- Experience in identifying gaps in current processes, workflows, and design and recommend changes or enhancements as needed.
- Establish and mature processes around vulnerability management, including operating models, maturity models, SLAs/SLOs, discovery, and handling.
- Experience categorizing threat actor tactics, techniques, and procedures within the MITRE frameworks such as ATT&CK and D3FEND
- Designed, developed, and operationalized vulnerability management metrics and dashboards
- Understanding information security risk measurement, both qualitative and quantitative
- Understanding of industry best practices, security, and regulatory frameworks relating to the vulnerability management lifecycle
- Create and maintain standard operating procedures, training documents, and technical documents
- Experience managing a backlog and delivery team of technical and non-technical professionals
- Familiar with distributed systems, networking, and database fundamentals
- Ability to influence business leader support to remediate vulnerabilities in accordance with defined timeframes to reduce the attack surface.
- Strong understanding in operating systems, supporting infrastructure, endpoint applications, networking protocols, and devices.
- Maintain situational awareness around industry news on software vulnerabilities, including zero-day vulnerabilities and emergency patching
- Threat Hunting or Purple Teaming experience a plus.
- Leadership experience and executive level communication and facilitation skills across technical and non-technical stakeholders
- Excellent written and verbal communications skills including demonstrated proficiency in clearly communicating technical concepts to non-technical audiences in business terminology
- Ability to maintain a high degree of professionalism in all client communications
- Ability to influence others, build relationships, and manage conflicts
- Highly motivated, consultative, problem solving mindset
- Brief management, as needed, on the status of action items and/or results of these activities
- Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or related field
- Vendor, technical, and non-technical certifications (e.g., CEH, GEVA, GPEN, OSCP, RSA, SANS, ISC2 and information security solution vendor partners)
- Experience with vulnerability scanning and automation configuration tools (e.g., Rapid7, Tenable, Qualys, Vulcan, Tipwire, SCCM, InTune, SolarWinds, Ivanti, etc.) to scan, manage, prioritize and remediate vulnerabilities
- Comprehensive knowledge of various operating systems, infrastructure (on/off-prem), cloud deployments, endpoints, applications, networking protocols, and devices.
- Scripting experience in Python, Java, PowerShell, or similar tools a plus
- Experience working with a leading threat intelligence platform and other methods for gathering data
- Experience with industry standard SAST/DAST/SCA and penetration testing tools a plus
- ID: #50017893
- State: Florida Tampa bay area 33601 Tampa bay area USA
- City: Tampa bay area
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2023-05-29
- Deadline: 2023-07-27
- Category: Et cetera