Top Skills Details:
1) Experience building out a vulnerability management program - categorization, scoring, reporting, partnering with agencies for reporting.
2) Experience interpreting vulnerability scanning and penetration test reports - must be able to speak to the true risk a vulnerability poses.
3) Strong knowledge of NIST & MITRE ATT&CK frameworks
4) Experience building out an AppSec program - code reviews, SAST, etc (they only do DAST so far).Description:
One of our key clients presents a unique opportunity for the right person. They are building out the Information Security Program for a large enterprise divestiture. If you have experience building out an information security vulnerability management program this could be a great opportunity. The client wants to align to NIST & MITRE ATT&CK framework, so knowledge of that is highly valuable. Daily activities may vary widely based on your assessment of the environment and the prioritization of needs, but key areas of focus are interpreting vulnerability scan and penetration test results, socializing the risks and helping drive remediation efforts across relevant teams. In particular, the application security program needs to build code reviews and Static App Sec Testing into their future state.
Vulnerability Security Engineer:
Reporting to the Director of Technical Security, the Vulnerability Security Engineer will have the direct responsibility for providing guidance on patch and vulnerability management, threat identification, risk-ranking of newly identified vulnerabilities for prioritization, and development of remediation plans.
Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components for on-prem and in the cloud environments (Azure experience preferred)
Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
Drive efforts to remediate findings from external assessments
Establish penetration test strategies and validate remediation effectiveness
Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
Validates the vulnerabilities identified against the NIST Framework, National Vulnerability Database (NVD), MITRE ATT&CK and Security Best Practice standards such as CIS Benchmarks and vendor hardening standards
Develop automation and orchestration around vulnerability management
Implement integration of vulnerability management tool with other toolsets
Participate in incident response activities including forensic investigation
Create operating procedures for level 1 and level 2 support teams
Skills for Success:
Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical backgrounds
5+ years of experience in a combination of information security and IT
Hands-on technical security experience across multiple domains of security
Familiarity with common classes of vulnerabilities
Exceptional interpersonal skills, including teamwork, facilitation, and negotiation.
Excellent written, verbal, communication, and presentation skills.
Security certification/accreditation including, OSCP, CISSP, and GIAC are highly desired.
Experience in a global retail environment would be preferred.
Bachelor’s degree in computer science, information systems, computer engineering, electrical engineering, system analysis or related field of study, or equivalent experienceSkills:
Vulnerability Management, Rapid7, QualysAdditional Skills & Qualifications:
This organization prioritizes demonstrated experience and a deep affinity for continuous learning over any particular certs, but OSCP, CISSP, and GIAC are highly desired.Experience Level:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.