Proactively lead a team of vulnerability management professionals with the responsibility of implementing progressive processes, following industry best practices to identify, document, mitigate and resolve vulnerability-related risks. This position will also act as a sole contributor at times, but is primarily responsible for leading a team of analysts to accomplish the overall vulnerability management mission.
Duties and Responsibilities:
* Develop, implement, and execute industry-leading vulnerability management services, vulnerability remediation and patch management oversight.
* Plan and execute vulnerability assessments.
* Identify and resolve false positive findings in assessment results.
* Analyze threat and vulnerability feeds and analyze data for applicability.
* Responsible for generating timely vulnerability assessment reports to management and stakeholders.
* Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness.
* Recommend security controls and/or corrective actions for mitigating technical and business risk.
* Maintain an awareness of existing and proposed security standards, industry best practices, legislation and regulations pertaining to information security and recommend appropriate changes.
* Work with the business developers to maintain a Secure Software Development Lifecycle (SDLC).
* Development of Red Team exercise strategy and areas of concentrated focus.
* Publication of Red Team exercise reports detailing red team assessment results and recommendations.
* Performs other duties as assigned (no more than 5% of duties).
Education:
* Bachelor's Degree in Computer Science or related discipline required.
Experience:
* 5-7+ Related experience.
* 5+ Years of experience in performing vulnerability assessments.
* 5+ Experience securing multiple platforms and operating systems.
* 5+ In-depth knowledge of technology, security, risk, and compliance best practices.
* 2+ Experience in a lead or management role a plus.
Skills and Abilities:
* Strong knowledge of CVSS rating system, NVD metrics.
* In-depth technical knowledge of various operating systems' security programs, communication ports and protocols.
* In-depth knowledge of leading Vulnerability scanning platforms -- Certifications desired.
* JAVA, J2EE, OO, XML, Web Services, Internet/Extranet/Intranet.
* Ability to think critically and work independently to meet objectives.
* Ability to multi-task and prioritize.
* Ability to brief technical risks and issues to executives and business leaders.
* Ability to be careful and thorough about detail.
Licenses and Certifications:
* SANS GIAC certification (e.g., GPEN or GWAPT) required.
* ISACA Certified Information Systems Auditor (CISA) required.
* EC-Council Certified Ethical Hacker (C|EH) a plus.
* Offensive-Security Certified Professional (OSCP) a plus.
* (ISC)2 Certified Information Security Professional (CISSP) a plus.