The Global Security Vulnerability Engineer will work with the global technology and security teams to implement security best practices and provide operational support to the cyber security vulnerability management program. The Global Security Vulnerability Engineer will establish and drive identifying, assessing, and managing threats, vulnerabilities, and associated risks to the Firm’s information assets and resources. The Global Security Vulnerability Engineer will be integral to the execution of operational duties entailed throughout the vulnerability management process. The Global Security Vulnerability Engineer will be responsible for accurately assessing vulnerabilities associated with network, infrastructure, and applications for on premises and cloud deployments, coordinating with system owners to remediate vulnerabilities, and reporting progress of the remediation efforts to Senior Management and other stakeholders.
Global Cyber Security Vulnerability Engineer
Warszawa- drive vulnerability Identification (including awareness of current vulnerabilities and patches), prioritization, tracking, and remediation across global and regional systems
- develop the strategy, processes, and roadmap for the global vulnerability management program in coordination with the global technology and security teams
- develop policies, processes, playbooks, and other documentation as required to support the global vulnerability management program
- translate threat Intelligence into specific actions to mitigate or remediate vulnerabilities
- conduct risk-based analysis and prioritization by leveraging AI/ML and other tools where applicable
- communicate/coordinate remediation efforts with the global and regional technology and security teams, and key other stakeholders
- recommend and support remediation activities associated with any discovered vulnerability
- develop and disseminate reports on vulnerability status to executive leadership and other key stakeholders
- escalate risks, develop metrics, and report progress to executives and Incident Response Team as appropriate
- develop, schedule, coordinate, and perform regular scanning activities of both on-prem and cloud environments to identify network, host, and application security vulnerabilitiesdd
- develop and coordinate for vulnerability assessment and mitigation,including vulnerability scanning, security configuration development and scanning, and internal and externalpenetration testing as needed
- bachelor's degree in Computer Science, Engineering, Information Security or other related disciplines (or equivalent professional experience)
- minimum 5+ years of experience as a Vulnerability Assessment Engineer, Application Security Specialist, Cybersecurity Systems Engineer or equivalent role
- understanding of common regulatory or standards-based controlframeworks such as: PCI-DSS, ISO 27001/2, NIST 800-53, OWASP, SANS Top 20 Critical Security Controls and NIST Vulnerability Database (CVE &CCE)
- experience in deploying and operating vulnerability scanning infrastructure and services
- ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open-source tools as required
- advanced experience working with dashboards &reports for both technical and non-technical audiences
- understanding of software security issues, patch management, and supply chain processes
- advanced experience working with risk-based vulnerability management processes and tools such as Qualys, Rapid7, Tenable, F-Secure, or similar platforms
- ability to communicate risks and provide guidance for vulnerability remediation
- excellent written and verbal communication, interpersonal, intercultural, and presentation skills, and the proven ability to influence and communicate effectively at all levels (technical contributors up to senior management)
- preferred: Industry professional certifications such as CISSP, CISM, CISA, CRISC, GEVA, etc.
- occasional travel to ensure sound program execution may be necessary
Agencja zatrudnienia – nr wpisu 47
