The role holder will provide technical expertise in the design, implementation, and development of the firm's vulnerability management program. The role holder will work to continuously improve the vulnerability management posture of the firm.
Design, architect, and operate the firm's vulnerability management tools to ensure they are running on a 24/7 basis
Manage and develop a large enterprise vulnerability assessment toolset and articulate risk and vulnerability impact to key stakeholders and technical teams
Design and produce an effective vulnerability reporting program for executive-level consumption
Skills and Experience:
Computer Science Bachelor’s degree or substantial equivalent experience
Experience with CISSP, CCSP, CompTIA Security+, or equivalent
Extensive experience in security vulnerability management for a large Windows enterprise
Strong administrative experience with vulnerability scanning tools such as Nessus, Nmap, Qualys, etc.
Experience with and understanding of Windows patching methods, SCCM, MS Intune, and Group Policy deployment.
Good understanding of NIST 800-53 standards, best practices, and regulatory compliance.
Excellent understanding of CVSS scoring, vulnerability rating, and risk prioritization
Working knowledge of cloud security technologies and vulnerability assessment for IaaS & PaaS environments
Expert analytical skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions
Ability to adapt, integrate, and modify existing programs or vendor-supplied package programs for use with existing information systems
Proficient in oral and written English
Ability to be productive and maintain focus without direct supervision