Vulnerability Management

The Vulnerability Management Engineer is responsible for managing the identification, assessment,reporting, and mitigation of infrastructure and cloud vulnerabilities.A candidate for this role will have a mindset of a defender and be able to operate in a fast-paced

environment working closely with our infrastructure team that includes Network,Firewall, Hypervisors, Servers, and business application teams.

Primary Skills:

• At least 4+ years’ experience in Information Security or Information Technology field.

• Bachelor’s degree in computer science, Information Security, or equivalent combined experience.

• Hands-on experience with a variety of vulnerability management and network scanning tools, such as Qualys, Tenable Security Center, Nmap, web scanners, etc.

• Understanding of the relationship between operating systems, applications, and their dependencies, and how interrelated software vulnerabilities exist – with ability to determine remediation techniques in diverse environments.

• Conduct regular vulnerability scans and assessments on network devices, servers, applications, and databases.

• Perform vulnerability metrics reporting for ad-hoc and scheduled metrics report for various KPIs (Key Performance Indicators) around vulnerability management activities.

• Knowledge of both Windows and UNIX-based operating systems (e.g. Windows Server and Client OS,RHEL, Ubuntu, Amazon Linux, MacOS), and container technologies (e.g. Kubernetes, Docker).

• Ability to script and program using Python and other scripting and programming languages (i.e. SQL,Python, C, Java, JavaScript), notably for working with RESTful APIs.

• Perform regular security audits and compliance checks to ensure adherence to security policies and standards.

• Experience working with REST APIs and integrating API frameworks into wider business intelligence solutions.

• Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice.Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classificationschemes (CVE, CVSS, CPE).

• Capable of independently managing customer requirements, from the initial information gathering phase through to implementation.

Secondary Skill:

• Knowledge of the DORA Standard.

• Solid experience in offensive security, adversarial tactics, techniques, and procedures (e.g. using MITRE

ATT&CK framework), and common attack patterns such as binary exploitation, memory corruption, race conditions, web attacks, etc.

• In-depth knowledge of security standard methodologies, technologies and products and aim to continuously improve these skills.

• Knowledge of CI/CD pipelines, GitHub or other version control systems, and cloud hosting

environment’s (i.e. AWS) applicable security standard methodologies.

• Experience working in agile project management toolsets, creating tickets which break down work into manageable pieces, tracking capacity, and closing stories in a timely manner, and documenting work (i.e.Jira, Confluence, ServiceNow).