Security Engineer – Vulnerability Management Jobs

Familiarity with Operating Systems, software build and deployment, and configuration management .

Depth in 1 or more Information Security domains such as pentesting, application security, incident management, Cloud security etc.

Bachelors degree in an engineering discipline or equivalent experience in the field of Security.

Excellent written and verbal communications skills.

Experience building tooling and automated solutions

Experience in scripting, data mining and automation

2-3 years of related work experience with vulnerability management

Working knowledge of one or more vulnerability management systems including Fortify, Nexpose, Twistlock, Nessus Tenable, etc.

Improve and automate existing vulnerability management lifecycle

Knowledge of applicable control frameworks such as: NIST CSF, NIST SP 800-53, FISMA, ISO 2700, COBIT

Certifications desirable - OSCP, CISSP, CEH and/or CompTIA Security+/CySA/CASP+.

Hands on experience with application security, dynamic scanning, static scanning, and container security

Ability to utilize interpersonal skills to effectively communicate with all levels of management and employees.

Bachelor's degree related to Computer Information Systems, or an equivalent combination of formal education and experience appropriate for the assigned duties.

Knowledge of system and application security threats and vulnerabilities.

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

Skill in using network analysis tools to identify vulnerabilities.

Minimum 0-2 years’ experience in a cyber security environment.

Experience with vulnerability remediation processes, including prioritization, change management, analysis, & triage.

Understanding and experience with FedRAMP Cloud Security Requirements

Understanding and experience with Federal Security Standards such as NIST and DoD

Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being

Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences

Maintains an up-to-date understanding of emerging cyber threats facing financial institution.

Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, and technical capability requirements.

Ability to understand and articulate the tie between vulnerability risk management and the strategy and goals of the greater organization.

Vulnerability Management Strategic Planning, Design & Implementation

Participates in the entire lifecycle of vulnerabilities including discovery, triage, advising, remediation, and validation.

Excellent written and verbal communication skills (including technical writing).

Strong strategic planning, maturity assessment, analytical and problem-solving skills; ability to examine issues both strategically and analytically.

At least 2 years of experience with Vulnerability Management and patching

2+ years of experience in Change Management process

2+ years of experience with vulnerability management reporting tools: CrowdStrike, Qualys, Symantec, McAfee, or Nessus.

Research and suggest improvements to our vulnerability management posture on endpoints to improve our overall compliance metrics.

High School Diploma, GED, or equivalent certification

At least 2 years of experience of managing macOS devices leveraging JAMF Pro

5+ years of experience in Patch Management solutions for Microsoft and Linux

Design and configure vulnerability management solutions on various technologies and platforms

Senior Operations IT Vulnerability Management Engineer – Hybrid East Los Angeles

Experience in Cloud environment, either Azure or AWS

Experience in identifying security threats, and developing automated procedures to remediate identified threats

Investigate new and emerging security vulnerabilities from vendors and RSS feeds

Minimum 10 years of experience in vulnerability management and/or Application security

Perform Vulnerability scans using Qualys / Tenable Vulnerability Management tool

Prepare monthly, weekly reports and send Vulnerability Management reports to client

Validation of vulnerabilities after developers remediated them

Strong analytical and problem solving skills

Past experience in Web application testing using Burp Suite, HCL Appscan / Web Inspect.

Working knowledge in NIST Risk Management Framework (RMF) for defining, implementing, automating, assessing, and accessing procedural methods and security controls.

Manage personal workflow in the agile process.

Experience with Linux operating systems at all layers (boot, kernel space, user space)

Minimum 4 years' experience in Information Security

Required DODD 8570.01M IAT/IAM Security certification such as CCNA Security, GICSP, GSEC, Security+ CE, CND, SSCP

Operate and maintain Hypori vulnerability assessment tools.

· Remote position - But candidates should be comfortable coming onsite once in a while when requested.

· Collaborate with cross-functional teams to assess vulnerabilities, prioritize remediation efforts, and implement appropriate security controls

· Stay up to date with the latest cybersecurity threats, vulnerabilities, and industry best practices

· Perform detailed analysis and prepare summary reports for O&M teams to address critical vulnerabilities

· Minimum of 5 years of experience working in cybersecurity or a similar role

· Considerable experience in analyzing and interpreting vulnerability scanning results and providing actionable recommendations

Proven experience in endpoint security management, preferably in a large-scale enterprise environment.

Knowledge of Microsoft Exposure score and experience in reducing it is highly desirable.

Familiarity with patch management processes and tools.

Excellent analytical and problem-solving skills to investigate and mitigate endpoint security incidents.

Strong communication and interpersonal skills to effectively collaborate with system owners, technology teams, and stakeholders.

Ability to prioritize and manage multiple tasks in a fast-paced environment.

Experience with vulnerability management tools – Rapid7’s Nexpose, Tenable’s Nessus, Wiz, Orca, PrismaCloud, etc.

Maintain the vulnerability management tool, including:

Communicate with relevant stakeholders and generate executive reporting, status updates, and remediation guidance on Vulnerability Management

Gather and analyze metrics regarding progress of the vulnerability management program

3-5 years of experience working with and assessing vulnerabilities

Excellent written and verbal communication skills

Equivalent combination of related education, training and experience may be considered in place of the above qualifications.

Experience participating in or managing the vulnerability management process.

Build and maintain documentation in support of the vulnerability management, penetration testing, and incident response programs.

Evaluate and improve current vulnerability management processes and implement automation where applicable.

Knowledge and experience interacting with API interfaces using Python, Perl or other scripting languages.

Analyze and prioritize vulnerabilities to help the business understand the security impacts.

Maintain, where appropriate, vendor relationships in support of Vulnerability Management practices

Collaborate with peer Security teams in advancement of Vulnerability Management practices for the Enterprise

Support Asset Management program maturity through Qualys expertise and Cloud activities

Support Audits and Assessments and other key requests of Vulnerability Management

Communicate with clients to understand their security needs and develop engagement plans to satisfy all requirements

Collaborate with other employees in order to build the company's overall capabilities, specific to the Qualys and Cloud areas

Minimum of 5 years of experience in information security with a role focused on vulnerability management.

Proven experience building and running a successful comprehensive vulnerability management program.

Develop, create, and implement a comprehensive vulnerability management program that aligns with our enterprise’s objectives and risk appetite.

Drive continuous improvements in vulnerability management processes and tools by leveraging industry-leading technologies, automation, and data-driven insights.

Stay current on industry trends, emerging threats and best practices in vulnerability management and adapt the program accordingly.

Evaluate and recommend vulnerability management tools and technologies, ensuring the optimal balance of effectiveness and efficiency.

Experience briefing management and senior leadership

Exposure to Vulnerability Management tools (i.e., Tenable, Rapid7, Qualys, Prisma Cloud, Divvy Cloud, Wiz, etc.)

Ability to develop and communicate recommendations to management

Apply analytical, statistical, and programming skills to collect, analyze, and interpret large vulnerability data sets

Building vulnerabilities’ data lake and associated orchestration to scale up multiple vulnerabilities’ data sources and correlation with other data

5+ years of data engineering/ IT professional experience

Manages vulnerability scans, logs, and tracks discovered vulnerabilities in alignment with the vulnerability lifecycle.

A working understanding of vulnerability management processes and lifecycle.

A working understanding of one or more information security and vulnerability management technology solutions.

Maintains a view of IT assets and emerging vulnerabilities.

Develops reports, metrics, and dashboards for system owners, managers, directors, and executives.

Develops working relationships with and offers support to other contributors in the information technology organization.

Experience in vulnerability management or related field such as penetration testing, SOC, or threat intelligence

Enhance the current Vulnerability Management strategy and process for Celonis

Serve as subject matter expert related to vulnerability management and secure configuration

Have the ability to understand and develop enterprise policy and technical standards with specific regard to vulnerability management and secure configuration

Drive to learn new things about vulnerability management, exploits, hacker techniques, and overall security operations

Familiar with industry standard security best practices and vulnerability management processes including compliance reporting

2+ years of experience with cybersecurity engineering

Experience with reverse engineering tools, including IDA Pro, OllyDbg, Ghidra, Hex-Rays, or Windbg

Experience with forensics analysis of media

Experience with analyzing packet captures with tools, including Wireshark

Knowledge of cryptographic algorithms and protocols

If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.