18 Jun
Vulnerability Management Lead
Georgia, Atlanta , 30301 Atlanta USA

Vacancy expired!

Vulnerability Lead

Atlanta, GA

12+ Months

Environment: Office, currently working Remote due to COVID-19The Vulnerability Management Lead position has the responsibility of managing and improving the company’s vulnerability management program. The Vulnerability Management Lead will collaborate with various teams across the organization who are responsible for remediating security vulnerabilities. This individual will ensure effective lifecycle operations of vulnerabilities encompassing vulnerability identification, triage, prioritization, remediation tracking and reporting across the network.

Principal Duties:The Information Security Vulnerability Management Lead must be to able work in a dynamic, fast paced environment at a highly technical level and be capable of providing leadership and mentoring. The resource will be a member of the Information Security team and will participate in the continuous improvement of the overall information security program. Additionally, the candidate will also provide research and recommendations for newly discovered Zero-day vulnerabilities.

Primary Responsibilities and Essential Functions include:
  • Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
  • Collaborate with cross-functional, cross-department teams to drive patching and remediation strategies
  • Reporting and prioritization of security vulnerabilities across the Vulnerability Management Team
  • Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
  • Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
  • Lead projects and efforts to drive automated remediation solutions
  • Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface
  • Monitor for new vulnerabilities reported by internal and external sources
  • Develop and report on substantial metrics for the Vulnerability Management Program
  • Work with Cyber Security Incident Response Team on Zero-day vulnerabilities
  • Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
  • Participate in team on-call rotation
  • Perform other duties as assigned

Job Related Experience:Preferred Level: 5-8 years of related experience required

Education:Preferred Level: Bachelor’s degree in Information Security, Computer Science, Management Information Systems, or related field of study, OR 5+ years of equivalent work experience.

Licenses / Certifications:Preferred: Certified Information Systems Security Professional (CISSP), CISM, CRISC, CISA, PCI ISA/QSA, Certified Ethical Hacker (CEH), CompTIA Security +, GPEN, GCFA

Skills Required:
  • Solid understanding of Risk Management frameworks, Security frameworks & Data Protection regulations
  • Strong leadership, collaborative, diplomatic and motivational skills including the ability to lead across multiple business and technology organizations.
  • High passion for security, innovation and problem-solving
  • Ability to work effectively within a team to drive a common goal.
  • Passion to work with a diverse team and assist in improving the security program of a large enterprise
  • Excellent attention to detail, follow through, and organizational skills
  • Strong verbal and written communications skills
  • Detailed knowledge of vulnerability management, configuration management, software security tools and trends
  • Strong understanding of desktop and server operating systems as well as software
  • Solid grasp of vulnerability classification and scoring methodologies (CVSS, CVE)
  • Understanding of Windows and nix operating systems, endpoint applications, networking protocols and devices.
  • Proficient in a programming language, e.g. Python or PowerShell scripting, Java, C, C, C#, etc
  • Technically competent with various software programs and vulnerability management solutions, including but not limited to Qualys, Tenable, Rapid 7, Microsoft Office Suite, ServiceNow
  • Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
  • Capable of working independently and involving leadership as necessary

Skills Desired:
  • Knowledge of diverse infrastructure platforms and operating systems such as databases, middleware.
  • Experience in Cloud based platforms e.g. AWS, Azure
  • Vulnerability Management experience in containerized environments e.g. Docker, Kubernetes etc
  • Experience in Web Application vulnerability management
  • Qualys Vulnerability Manager
  • Experience in Splunk Enterprise Security tool
  • Experience with Inventory Management tool

Work Conditions:
  • Shift Work: No
  • On-Call: Yes
  • Weekend Work: As Required
  • Travel Required: 0-2 Days per Month

Thank you,

Vacancy expired!


Related jobs

Report job