Omni Inclusive
Security Vulnerability Engineer
Omni Inclusive, Bellevue, Washington, us, 98009
Primary Tasks and Responsibilities:• ssist in defining, driving, and delivering key elements of Truveta's vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company• Establish regular and actionable vulnerability reports for review by Leadership and Engineers• Collaborate and build relationships across Engineering teams, driving cross-functional alignment to drive clarity relative to vulnerability remediation requirements• Establish vulnerability review processes, maintaining professional skepticism when reviewing for false positives and exception requests from Engineering teams• Proactively engage Engineering teams to ensure timely remediation of vulnerabilities identified during application security assessments, cloud infrastructure vulnerability scans, and manual application security tests• bility to use automation tools to write orchestration playbooks to remediate configuration issues/apply patches, etc.• Manage day-to-day operations of vulnerability identification and remediation at Truveta• Be curious about Truveta's produces services and how cyber risks and vulnerabilities could impact operations• Use prior experience to lead, mentor, and coach peers in effectively managing vulnerabilities• Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services• Continuously review security and privacy practices• Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused into all Truveta services• Upkeep of vulnerability management security tooling
Key Qualifications:• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems• 5+ years of experience in managing vulnerabilities at a fast-paced cloud hosted environment• Must have prior development experience with Python, .NET, and Java code languages• Experience designing and managing a world-class vulnerability management program• Excellent written and verbal skills• bility to be a self-starter and motivated to help Engineering teams understand cyber security best practices• dvanced knowledge of SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools• Experience creating and implementing strategies for complex systems• Knowledge and experience with information security controls, infrastructure, and implementation techniques
Preferred Qualifications• Experience in improving vulnerability remediation requirements• Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations• Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH• Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)• Experience in securely operating highly distributed systems with published SLAs• Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2
Key Qualifications:• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems• 5+ years of experience in managing vulnerabilities at a fast-paced cloud hosted environment• Must have prior development experience with Python, .NET, and Java code languages• Experience designing and managing a world-class vulnerability management program• Excellent written and verbal skills• bility to be a self-starter and motivated to help Engineering teams understand cyber security best practices• dvanced knowledge of SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools• Experience creating and implementing strategies for complex systems• Knowledge and experience with information security controls, infrastructure, and implementation techniques
Preferred Qualifications• Experience in improving vulnerability remediation requirements• Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations• Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH• Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)• Experience in securely operating highly distributed systems with published SLAs• Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2