This job listing expired on Jun 8, 2021
- Establish & run a vulnerability management program.
- Knowledge of cyber threats and vulnerabilities.
- Determine overall Common Vulnerabilities and Exposures (CVE) priority when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment.
- Knowledge of system and application security threats, vulnerabilities, and cyber attackers.
- Conduct vulnerability assessment and penetration test on networks, web applications,
- mobile applications
- Monitor external data sources to determine which security issues may have an impact on the enterprise.
- Work with the engineering team to identify, assess, triage, assign and remediate vulnerabilities.
- Continue to improve infrastructure vulnerability management process using data driven and automated approach.
- Create a reporting capability supporting all levels such as engineering team, compliance, and executive management to highlight current status of infrastructure from vulnerability management perspective.
- Drive the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs.
- Work across Information and Cyber Security discipline to consolidate, manage and ensure that vulnerability management lifecycle is followed.
- Develop automation to maintain the efficiency of security testing at large-scale.
- Manage bug bounty program.
Job Requirements
- Good knowledge of Cloud environment, Docker, Linux, macOS, and Active Directory.
- Deep security hands-on skills in web application and infrastructure security.
- Experience in Information Security, Vulnerability Management or Secure Software Development Life Cycle (SSDLC).
- Proficiency in one or more scripting language. E.g., Perl, Python, Shell Scripting etc.
- Process one of the following: OSCP, OSEP, OSCE, CREST CCWAT/CCSAS/CCSAM/CCTIM, GPEN, GWAPT, GSLC.
- Preferred certifications: CISSP, CISM, CISA, ISMS, TOGAF, SABSA etc.
- Familiar with various tools Burp Suite, Kali Linux, Metasploit, Nessus, Nmap, Netsparker, Wireshark, etc.
- Strong verbal and written communications skills.
- Good reporting skills.
- Ability to report to a technical and non-technical audience.
- BS degree in Computer Science.
- Positive mindset, open-minded and adaptable for a change fast-paced environment.
Good to have:
- Experience with NIST-based security compliance frameworks and standards including FedRAMP, FISMA, NIST Cybersecurity Framework, and NIST 800-series.
- Experience with ISO 27001, SOC2, PCI, and HIPAA and familiarity with the types of evidence that need to be presented.
- Good knowledge of Cyber Kill Chain and MITRE ATT&CK framework.
- Public disclosure of vulnerabilities or relevant awards/CVEs.
- Awarded in CTFs or bug bounty.