Security Vulnerability Engineer

Main Responsibilities:Responsibilities include but are not limited to:Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to environment and determine appropriate mitigating controls.Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon policies and standards.Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.Review and/or escalate exception requests submitted to the VM teamUsing a risk based approach, analyze vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.Requirements:Training and occupational experience:B.S. in Computer Science or equivalent fieldCISSP, CISM or similar industry certification+5 years of experience in Vulnerability Management or related field.Essential Specific Requirements:Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & eliminationStrong knowledge of Qualys, Nexpose or Nessus including configuration and maintenance, scan execution, agent deployment and oversightExperience of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).Experience Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).Experience of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.Previous experience working in large-scale environments with diverse technologies is a must.Knowledge of scripting languages desired

#J-18808-Ljbffr