Overview
This role will configure and coordinate vulnerability remediation for infrastructure, databases, endpoints, and external testing and analysis. Success in this program comes through working with the technical, business, cloud, and security teams to optimize and enhance the vulnerability scanning capability, through Rapid7, Tanium, and other vulnerability scanning and assessment technologies. You will be asked to report updates to key stakeholders regularly.
This role needs previous experience in driving a cultural change program to enable the ownership of remediation activities by clearly communicating, creating self–service responsibility, aligning with prioritized risk, and understanding the depth and breadth of technology and data assets. The maturing of the program will be evaluated based on the documented processes, standards, and tools that are understood and used consistently by the roles in the organization to timely find and fix vulnerabilities in systems. Furthermore, metrics and KPIs are to be established, agreed upon with stakeholders, and used to perform continuous improvements, education, and training in the program. Although threat hunting and analysis are not directly in this program, the right candidate will have experience and knowledge of the integration of threat, incident, cyber risk, and SDLC components to achieve success. Additional key experiences should include automation and integration of VM platforms to CMDBs, IPAM tooling, SIEM tools, and automated reporting.
Responsibilities
- Configure, run, update, tune, and perform reporting on vulnerability management tooling.
- Provide recommendations and technical guidance for the lifecycle of vulnerability management.
- Schedule, run, verify, and ensure regular vulnerability scans, assessments, analyses performed, completed, and results produced accurately.
- Support the vulnerability manager and vulnerability management processes, suggesting applicable change controls, and security exceptions using risk–based processes.
- Work with other teams to ensure automation and integration where applicable and provides for less manual processes.
- Understand and utilize the CVSS, OWASP, and other valuation scoring for vulnerabilities.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non–repudiation).
- Knowledge of system administration, network, operating system hardening techniques, and the risk management process.
- Knowledge of specific operational impacts of cybersecurity lapses and the organization's threat environment.
- All other duties as assigned by leadership.
Qualifications
Required Experience
- Bachelor of Science degree in Computer Science, Engineering, Computer Security, Information Systems, or related field, or comparable experience.
- 1–3 years of Vulnerability Management experience.
Required Skills
- Experience presenting to both technical and non–technical audiences, and effective communication skills including oral, written, and listening.
- Experience with false positive identification.
- Familiarity with incident response efforts and threat models, such as Diamond, Cyber Kill Chain, ATT&CK, Racetrack, etc.
Certifications, Licenses, and/or Registration
- AWS Certification(s), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH) or other relevant certifications.
Location & Compensation
- The base salary range for this role is $80,000 – $120,000 depending on the individual's experience.
- Role can be 100% fully remote depending on geographic location.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.
EEOC
Lakeview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.
#J-18808-Ljbffr