Vulnerability and Compliance Engineer

Redwood City, CA

Posted: 06/03/2019 Employment Type: Direct Hire Industry: IT Job Number: JOS000008608

The Vulnerability and Compliance Engineer reports to the Senior Manager, Information Security Operations, and works closely with development teams, CorpIT (Information Technology) teams, and other teams across the organization to assure vulnerabilities within the company global enterprise are identified, validated and mitigated in a timely manner. In addition, this position will validate compliance with information security policies and standards by conducting regular audits of the company enterprise. 

Job Responsibilities 

- Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks 

- Conduct recurring scans and audit and track mitigation activities through to completion 

- Conduct both self-assessments and coordinate third party risk assessments of technology infrastructure and operational processes and controls for assigned areas 

- Conduct scheduled, targeted (in response to advisories and remediation verification) and ad-hoc IT compliance audits and vulnerability scans for the company global enterprise 

- Investigate and validate risk levels associated with vulnerabilities identified via vulnerability scanning tools (Nessus, Dome9 and 

- Provide remediation guidance and recommendations and coordinate with Development Operations, CorpIT and other teams as needed to provide oversight to the remediation and/or mitigation of enterprise vulnerabilities 

- Maintain and improve upon, as necessary, the existing IT and vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and associated communications (downtimes, upgrades, report changes, etc.) 

- Create processes and workflows for all aspects of IT compliance auditing and vulnerability management. Work with cross-functional teams to improve processes, workflows and operational efficiencies 

- Utilize proven sources to maintain an awareness of prevailing and emerging vulnerabilities to proactively address vulnerabilities as early as possible 

- Provide recurring and ad-hoc vulnerability reports upon request 

- Establish appropriate vulnerability management calendar, schedule engagements and track activities to completion. Maintain history of scans and activities for future reference 

- Maintain and report out on the company Information Security Risk Register 

- Special projects including but not limited to tasks associated with the company’s Information Security Program 

Technical Skills Needed 

- Direct experience with maintaining and utilizing common commercial and open sourced vulnerability scanning and security auditing tools (Nesuss, Nexpose, OpenVAS, etc.) in both cloud (virtual machines, AWS, Azure, etc.) and conventional (physical endpoints, servers, etc.) environments 

- Experience working as part of a patch management process and a familiarity with patching tools (i.e. SCCM, JAMF, KACE, etc.) 

- Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools). 

- Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management. 

- Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice. 

- Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). 

Soft Skills Needed 

- High ethical standards, integrity, and commitment to compliance 

- Knowledge of common attack methodologies; common types of security vulnerabilities; 

- Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems 

- Effective communication and presentation skills with demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. 

- Excellent written and verbal communication skills, interpersonal and collaborative skills 

- Must be a critical thinker, with strong problem-solving skills 

- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity 

- Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices. 

- Experience dealing with all levels of management and across different teams, including managing conflicts 

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.