Top Skills Details:
1) Experience building out a vulnerability management program - categorization, scoring, reporting, partnering with agencies for reporting.
2) Experience interpreting vulnerability scanning and penetration test reports - must be able to speak to the true risk a vulnerability poses.
3) Strong knowledge of NIST & MITRE ATT&CK frameworks
4) Experience building out an AppSec program - code reviews, SAST, etc. (they only do DAST so far).
Description:
One of our key clients presents a unique opportunity for the right person. They are building out the Information Security Program for a large enterprise divestiture. If you have experience building out an information security vulnerability management program, this could be a great opportunity. The client wants to align to the NIST & MITRE ATT&CK frameworks, so knowledge of those is highly valuable. Daily activities may vary widely based on your assessment of the environment and the prioritization of needs, but key areas of focus are interpreting vulnerability scan and penetration test results, socializing the risks, and helping drive remediation efforts across relevant teams. In particular, the application security program needs to build code reviews and Static Application Security Testing (SAST) into its future state.
Client description
Vulnerability Security Engineer:
Reporting to the Director of Technical Security, the Vulnerability Security Engineer will have the direct responsibility for providing guidance on patch and vulnerability management, threat identification, risk-ranking of newly identified vulnerabilities for prioritization, and development of remediation plans.
Responsibilities:
Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components in on-prem and cloud environments (Azure experience preferred)
Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
Engage with stakeholders, including IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
Recommend appropriate remedial actions to mitigate risks and ensure information systems employ an appropriate level of information security controls
Drive efforts to remediate findings from external assessments
Establish penetration test strategies and validate remediation effectiveness
Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
Validate identified vulnerabilities against the NIST Framework, the National Vulnerability Database (NVD), MITRE ATT&CK, and security best practice standards such as CIS Benchmarks and vendor hardening guides
Develop automation and orchestration around vulnerability management
Implement integration of the vulnerability management tool with other toolsets
Participate in incident response activities including forensic investigation
Create operating procedures for level 1 and level 2 support teams
Skills for Success:
Exceptional communication skills with diverse audiences
Strong critical thinking and analytical skills
Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
Experience/Education:
5+ years of experience in a combination of information security and IT
Hands-on technical security experience across multiple domains of security
Familiarity with common classes of vulnerabilities
Exceptional interpersonal skills, including teamwork, facilitation, and negotiation.
Excellent written, verbal, communication, and presentation skills.
Security certifications/accreditations, including OSCP, CISSP, and GIAC, are highly desired.
Experience in a global retail environment would be preferred.
Bachelor's degree in computer science, information systems, computer engineering, electrical engineering, systems analysis or a related field of study, or equivalent experience
Skills:
Vulnerability Management, Rapid7, Qualys
Additional Skills & Qualifications:
This organization prioritizes demonstrated experience and a deep affinity for continuous learning over any particular certs, but OSCP, CISSP, and GIAC are highly desired.
Experience Level:
Expert Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.