Principal Consultant

What will you be responsible for?

• Plan, track and monitor threat intelligence research to identify new threats.
• Assist in the responsibility for the reviewing vulnerabilities' data from multiple sources (i.e. external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies to determine risk rating of vulnerabilities to business assets.
• Assist in improving and automating existing vulnerability management lifecycle. Including but not limited, data ingestion & normalization, compliance metrics and detections on assets.
• Develops and maintains strong partnerships to drive end-to-end vulnerability remediation.
• Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risk.
• Participating and creation of detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team.
• Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE)
• Knowledge of threat centric framework Cyber Kill chain and NIST Cyber Security Framework.
• Ensure that system vulnerabilities (new and backlogged) across the enterprise are dealt with in an efficient and timely manner.
  

What would your work week look like?

• Collaborate with the other security teams to contain and investigate major incidents.
• Analyze and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization & ensuring scan results are presented in appropriate dashboards & reports.
• Maintain intelligence network to discover any reported exploits, zero day vulnerabilities and its applicability to Organization.
• Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
• Lead, train and supervise a team of security personnel, ensuring they have the necessary skills and knowledge to perform their duties effectively.
• Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise platform.
  

Who are we looking for?

• Bachelor s degree in related filed, to include computer science, or equivalent combination of education and experience
• 10 plus years of directly related experience as a Vulnerability Management SME or similar role.
• Demonstrated understanding of vulnerability management and security testing practices and methodologies.
• Proven understanding of common vulnerability frameworks (e.g., CVSS, OWASP Top 10)
• Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems (Qualys preferred)
• Scripting or programming (Shell scripting, Power Shell, Python etc.)
• Strong leadership and teambuilding skills.