Vulnerability Management Lead Jobs

Purpose of Position

The Vulnerability Management, Lead will partner closely with the Cybersecurity team to ensure that identified threats are eliminated across impacted systems, networks and applications. Once identified and prioritized, by the Cybersecurity team, this role will lead assigning vulnerabilities to the appropriate team (Infrastructure, Network, Application) to be mitigated. This individual must possess a strong project management background with a thorough understanding of the cybersecurity landscape.

The primary objective of the position is to provide operational delivery of remediation activities to support organization-wide risk reduction, The role requires the candidate to deliver a high level of service and to meet business expectations, as well as an excellent understanding of an enterprise IT infrastructure operational environment, development environments, and industry leading practice.

Tasks and Responsibilities

• Provide subject matter expertise into process and procedures of managing remediation efforts generated from cybersecurity monitoring, detection, audit, and incident response activities
• Remain current with vulnerability information across all Information Technology products in the NetJets environment
• Collaborate with Cybersecurity professionals to provide remediation subject matter expertise to Information Technology teams, assisting teams with the prioritization and remediation of patching, configuration, application security, and offensive security findings provided by Cybersecurity team
• Share responsibility in reviewing vulnerability data from multiple sources (i.e. external / internal penetration testing, internal / external vulnerability scanning, audits etc.) across multiple technologies in a changing environment including infrastructure and applications
• Assist in the development of guidelines, process and procedures for patching and configuration management in accord with Information Technology leading practices, as well as, Cybersecurity Policies and Standards, and recommend automation tools to enhance efficiency across the enterprise
• Report and track the status of vulnerability remediation with regard to Cybersecurity Policy Service Level Agreement (SLA) and Development Team Agile JIRA card commitments
• Develop organizational processes for the dissemination of key risk reduction solutions and relevant information pertaining to them
• Lead weekly cross organizational meetings to review vulnerabilties and ensure that clear ownership within Information Technology is assigned
• Ensure the development of a build process to harden and ensure new systems use ‘gold’ images with latest patches, least privilege configurations and Cybersecurity agents, plus validation processes to verify systems are free of vulnerabilities with scans prior to bringing systems on-line
• Research capabilities with intellectual curiosity and critical thinking to determine best ways to prioritize and remediate vulnerabilities with no impact on production environments
• Participate in and support design concepts and implementation strategies for various systems to ensure practical implementation of security standards
• Develop guidelines, process and procedures for patching and configuration management in accord with Information Technology leading practices, as well as, Cybersecurity Policies and Standards, and recommend automation tools to enhance efficiency across the enterprise
• Provides analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving road blocks.
• Identify remediations that have missed SLA or commitment dates to eliminate unique PIDs
• Effectively communicate the impact of operations, compliance, and cybersecurity gaps to multiple audiences, encouraging remediation activities to enhance their cybersecurity posture
• Provide technical and project management support for Cybersecurity vulnerability remediation across Information Technology teams
• Perform any other duties as assigned by management
• Report and track the status of vulnerability remediation with regard to Cybersecurity Policy Service Level Agreement (SLA) and Development Team Agile JIRA card commitments
• Utilize dashboards, spreadsheets, technology solutions in place, and business intelligence to perform data analysis, assisting with the rapid prioritization of findings, and helping teams to reduce their risk in an efficient manner

Education

Certifications and Licenses

Years of Experience

Core Competencies

Knowledge, Skills, Abilities and Other (KSAOs)

• Excellent written and verbal communication skills
• 4-6 years of related experience within project management, vulnerability management, or compliance monitoring.
• Demonstrated experience related to leading vulnerability management and analysis.
• Understanding of a variety of technical concepts with focus on cloud computing, automation, systems administration, application development, and information security best practices.
• Detail oriented, organized and proactive.
• Working understanding of the vulnerability management software products.
• Must be self-motivated and able to function effectivley working independently or in a team.
• Working knowledge of Agile methodologies preferred.
• Ability to work in a fast-paced environment with accuracy.