Job Type
Full-time
Description
This is a fully remote position, allowing you to work from home or from your location of record within the U.S. with no in-office requirements. You must be available five days per week during designated work hours. The work arrangement for this role is subject to change based on business needs and individual performance. This may include adjustments to on-site requirements or schedule expectations, as necessary.
Position Overview
The Vulnerability Assessments Engineer conducts comprehensive vulnerability assessments across networks, systems, applications, and third-party vendors, prioritizing risks and coordinating remediation efforts in collaboration with internal teams and system owners. Develops and maintains vulnerability management policies, provides technical analysis and guidance, and ensures consistent reporting through standardized evaluation criteria. Supports cloud security initiatives and identifies opportunities to automate processes for improved scalability and efficiency, while staying current on emerging threats and best practices.
Primary Responsibilities
The below represents the primary duties of the position; others may be assigned as needed. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Research, identify, assess, and prioritize vendor and third-party security advisories, and act as a bridge between Information Security and system owners to see remediation activities through to completion.
• Conduct vulnerability assessments of our organization's networks, systems, and applications.
• Analyze vulnerability scan results to identify potential security risks.
• Develop and maintain vulnerability management processes, policies, and procedures.
• Collaborate with other teams to prioritize and remediate identified vulnerabilities.
• Conduct security assessments of third-party vendors and ensure that their security practices meet our organization's standards.
• Keep up to date with the latest security threats and vulnerabilities and provide recommendations on how to mitigate them.
• Provide guidance and training to other teams on vulnerability management best practices.
• Provide technical advice to associate team members on attacks.
• Perform technical analysis on vulnerabilities emanating from Cloud Security Posture Management (CSPM) tools.
• Create vulnerability evaluation standards for consistent reporting of vulnerabilities across various platforms.
• Identify opportunities to automate repeatable tasks to solve the scale and sustainability challenges associated with vulnerability triage.
Education and Experience
• 5+ years of experience within an information security role
• Bachelor's degree in computer science, information security, management information systems, or similar major a plus
• Knowledge of vulnerability scanning tools and techniques
• Basic ability to script in a programming language such as Python, Ruby, C#, Java, etc.
• Experience working with vulnerability scanning tools such as Tenable, CrowdStrike, Rapid7, Qualys, etc.
• Experience working with CVSS and the ability to research vulnerabilities independently from sources such as NVD, VulnDB, etc.
• Familiarity with security frameworks such as NIST, ISO 27001, and CIS Controls
• Professional certification such as Security+, CEH, OSCP, AWS Certified Cloud Practitioner, Agile Scrum, CSM, CSPO, PMI-ACP, or GSLC is a plus
• Strong knowledge of the IT ecosystem, ranging from hardware network devices, storage systems, workstations, and mobile devices to operating systems and application frameworks
• Intermediate knowledge of evolving technologies such as containers and cloud security
• Basic knowledge of common cloud platforms such as AWS, Azure, GCP, etc.
• Ability to evaluate cloud vulnerabilities reported by Cloud Security Posture Management (CSPM) tools such as Wiz and Prisma
• Stays current on new threats and new developments in the information security field
• Familiarity with OWASP standards such as ASVS, the Testing Guide, and the Mobile and API Top 10
• Experience writing Burp plugins or open-source security tools, presenting at security conferences, writing technical research papers, or publishing CVEs is a plus
• Experience working with Payroll, HR, Time & Labor Management, and Online Benefits Enrollment applications is a plus
Physical requirements
• Ability to sit for extended periods: The role requires sitting at a desk or workstation for long periods, typically 7-8 hours a day.
• Use of computer and phone systems: The employee must be able to operate a computer, use phone systems, and type. This includes using multiple software programs and handling multiple inquiries simultaneously.
The base pay range for this position is $106k - $135k/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus and restricted stock unit grant based on individual performance in addition to a full range of benefits outlined here. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.