Vulnerability Engineer Jobs in Iowa

Working knowledge of vulnerability management solutions like Tenable.

Knowledge of NIST SP 800-53 and Risk Management Framework

This role involves using cybersecurity assessment tools, categorizing vulnerabilities, generating detailed assessment results, and developing cybersecurity assessment techniques.

Categorize and assign impact for discovered vulnerabilities using recognized benchmarks and frameworks.

2+ years of prior cybersecurity experience; experience in lieu of a degree may be acceptable.

Strong analytical and troubleshooting skills.

Demonstrated experience in security research people management

Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, Argentina, and remote

Establish team priorities for research and development of new vulnerability intelligence collection and analysis capabilities

Evaluate, align, and escalate vulnerability detection capabilities within Bitsight’s established risk assessment framework

Communicate timelines and expectations for high-priority vulnerability detection capabilities

Recruit, train, and develop an international team of vulnerability researchers of diverse backgrounds and skill sets

Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, and technical capability requirements.

Ability to understand and articulate the tie between vulnerability risk management and the strategy and goals of the greater organization.

Vulnerability Management Strategic Planning, Design & Implementation

Participates in the entire lifecycle of vulnerabilities including discovery, triage, advising, remediation, and validation.

Excellent written and verbal communication skills (including technical writing).

Strong strategic planning, maturity assessment, analytical and problem-solving skills; ability to examine issues both strategically and analytically.

Equivalent combination of related education, training and experience may be considered in place of the above qualifications.

Experience participating in or managing the vulnerability management process.

Build and maintain documentation in support of the vulnerability management, penetration testing, and incident response programs.

Evaluate and improve current vulnerability management processes and implement automation where applicable.

Knowledge and experience interacting with API interfaces using Python, Perl or other scripting languages.

Analyze and prioritize vulnerabilities to help the business understand the security impacts.

Manages vulnerability scans, logs, and tracks discovered vulnerabilities in alignment with the vulnerability lifecycle.

A working understanding of vulnerability management processes and lifecycle.

A working understanding of one or more information security and vulnerability management technology solutions.

Maintains a view of IT assets and emerging vulnerabilities.

Develops reports, metrics, and dashboards for system owners, managers, directors, and executives.

Develops working relationships with and offers support to other contributors in the information technology organization.

Maintains communication with management regarding development within assigned responsibilities and performs special projects as required

Bachelor's Degree in Computer Science or Management Information related field, or equivalent work experience

Develops leadership-level communications, including management specific metrics, white papers, procedures, thought position papers, etc.

Develops and manages testing methodologies that adhere to common security guidelines and NIST standards

Conducts an evaluation of cloud security configurations, identifies prevalent vulnerabilities in cloud security controls, and improves and maintains cloud testing standards

Provides detailed reports with proof of vulnerabilities, guidance, and advice to support customer teams through vulnerability remediation

Experience with vulnerability management processes, tools, and technologies

Manage and monitor security throughout the product lifecycle from development to operations, with a DevSecOps mindset.

Oversee and manage internal customer requests for security

Develop and research security solutions to monitor and manage infrastructure and product security

Leverage AWS monitoring components to create deeper analysis, detection, and automated response capabilities

At least 2 years of hands-on experience with AWS or Azure security