Delta Dental
Expert (Staff) Vulnerability Management Engineer
Job Description
This position does not offer work visa sponsorship.
We are seeking an Expert (Staff) Vulnerability Management Engineer to join our Enterprise Vulnerability Management team. This role is responsible for planning, developing, and implementing enterprise-scale vulnerability management solutions to meet current and emerging security needs. You will proactively identify and resolve complex information security challenges, while designing, implementing, and maintaining a world-class vulnerability management program.
Key focus areas include strategic planning, capability assessment, process development and refinement, technology capability analysis, and the implementation and continuous improvement of process support tools.
Responsibilities
Vulnerability Management Strategic Planning, Design & Implementation:
Performs vulnerability management capability assessments, process development and refinement activities, technology capability assessments, and solution design and implementation projects that ensure the security of the enterprise environment. Leads strategic planning activities informed by capability assessments which holistically address current and future maturity states of vulnerability management capabilities. Builds strong narratives to drive decision-making and educates leadership stakeholders on proposed plans.
Serves as a security expert in vulnerability management solutioning, including vulnerability identification, assessment, and validation for CI/CD pipelines, cloud environments, and infrastructure. Engages with enterprise architects, security specialists, technology engineers, and other functional area specialists to ensure that enterprise technologies and security solutions are correctly configured and deployed to sufficiently mitigate identified risks and meet requirements for the enterprise, customers, partners, and vendors.
Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, and technical capability requirements.
Vulnerability Management Operations:
Creates and maintains a view of IT assets, related attack surfaces, and emerging vulnerabilities to illustrate the flow of data and associated security threats. Manages the entire lifecycle of vulnerabilities, from discovery through triage, advising, remediation, and validation.
Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serves as an expert in platform, application, storage, network, virtualization, cloud, and mobile security best practices. Develops leadership-level communications, including board of director and executive metrics, business cases, standards, policies, procedures, architecture design documents, etc.
Collaboration:
Communicates and interacts effectively with leadership, management, co‑workers, internal and external customers, and partners. Communicates strategic planning narratives and design, as well as implementation plans, to both technical and non‑technical audiences.
Focuses on building stakeholder partnerships and offers support to other contributors within the Technology Org. Contributes to team culture by modeling integrity, inclusivity, accountability, and collaboration. Educates, coaches, and mentors junior team members and expands the team’s overall skill sets.
Qualifications
7+ years of professional experience in the cybersecurity domain with a Bachelor’s degree in Computer Science, Information Security, or a related field; an equivalent combination of education and experience will also be considered. 8+ years of combined hands-on cybersecurity and vulnerability management development and implementation work. Experience with broad exposure to cloud, infrastructure, network, and multi-platform environments.
2+ years of hands-on experience assessing vulnerabilities and using contextual risk to prioritize remediation efforts. 2+ years of experience in responding to zero-day and high-profile vulnerabilities. 2+ years of experience in cybersecurity solution engineering or security service delivery.
2+ years of leadership experience with planning and managing cybersecurity implementations and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale vulnerability management capability development projects. Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred.