Enterprise Vulnerability Manager

This role will be focused on operating and improving Ford Motor Company Enterprise Vulnerability Management (EVM) efforts. Drive security vulnerability identification and assessment/rating, remediation requirements, secure computing practices, and application security (DAST, SAST, SCM). Daily monitoring of multiple information sources to process threat intelligence data regarding the release of security patches and mitigations of exploitable traits in software. Decision-making capability involving knowledge of software used in the Ford environment (in various active states), familiarity with exploitable traits and personal judgment in order to provide effective patch and mitigation evaluation. Provide cyber security consultation and direction to IT and business organizations. Coordinate cyber security requirements across business organizations and recognize common needs with potential for strategic solutions. Develop and keep up to date runbooks, Standard Operating Procedures, and collaboration tools. Develop and track metrics to measure and report performance.

Industry Certifications:
Good to have relevant certifications like CEH, CompTIA Pentest+, CISSP, GIAC GEVA, GCIH, OSCP

Required Skills

The ability to collaborate with a globally located and diverse team of cybersecurity professionals working across organizational boundaries to protect Ford Motor Company. Strong written and verbal communication and organizational skills. Ability to work independently, follow a disciplined approach, and have an analytical mindset. Ability to work well in a small team and be flexible enough to work on any aspect of the team's needs. General understanding and awareness of vulnerability management processes, incident management procedures, and common exploit methods.

Desired Skills

General understanding of emerging technology areas a plus (cloud, social media, mobility, big data, connected vehicle) and their implications in regard to cybersecurity. Familiarity with SACM, eAssets, GRC, and EAMS and other Ford IT Asset management systems. Familiarity with analytics tools such as Qlik Sense/Dashboards is very desired. Knowledge of vulnerability scanning and penetration testing tools including QVM, Nessus, Qualys, Burp Suite and others. Programming skills including Python focused on scripting and automation.

Requirement to work in shifts: 2-11:30 PM