KEY RESPONSIBILITIES:

- Perform in-depth analysis of vulnerabilities by correlating data from various sources.

- Proactively research and monitor security-related information sources for vulnerability discovery.

- Assess impact of vulnerabilities on critical systems or data and advise on remediation.

- Maintain patch and vulnerability management practices to protect against exploitation.

- Manage tracking and remediation of vulnerabilities, obtaining action plans from stakeholders and using ticketing systems.

- Research current vulnerabilities and exploits using trusted resources.

- Document remediation tasks for application and system owners.

- Report findings and remediation recommendations to stakeholders (e.g., executive reports, trends reports).

- Assist system engineering team in configuring and deploying vulnerability scanning and network assessment tools.

- Support Incident Detection and Response team in daily operations.

- Conduct scans to identify vulnerabilities and ensure security standards compliance.

- Coordinate with external researchers and organizations during the disclosure process for responsible reporting and resolution.

- Collaborate with teams to implement and utilize automated tools for vulnerability management.

- Coordinate with teams to perform regular patching and scanning.

MINIMUM QUALIFICATIONS:

- Extensive experience in vulnerability management, patch management, and configuration management best practices.

- Knowledge of researching vulnerabilities, exploitation techniques, and industry trends/threats.

- Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).

- Experience with vulnerability and compliance scanning tools such as Qualys, Rapid7, or Tenable Nessus.

- Ability to interpret security advisories and understand vulnerability exploitation and impact.

- Project management experience.

- Experience with patching procedures for Linux, Windows, etc.

- Ability to self-direct project outcomes and achieve program goals with minimal supervision.

- Problem-solving and troubleshooting skills for resolving communication and system issues.

PREFERRED QUALIFICATIONS:

- BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems.

- Prior experience with coordinated disclosure programs and working with external security researchers.

- Desired certifications include CISSP or similar.

- Experience implementing scanning architectures.

- Familiarity with data analysis and visualization technologies.

- Experience managing and tracking vulnerability cases.

- Excellent written and oral communication skills.