This job listing expired on Jun 8, 2021
Tweet
  • Establish & run a vulnerability management program.
  • Knowledge of cyber threats and vulnerabilities.
  • Determine overall Common Vulnerabilities and Exposures (CVE) priority when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment.
  • Knowledge of system and application security threats, vulnerabilities, and cyber attackers.
  • Conduct vulnerability assessment and penetration test on networks, web applications,
  • mobile applications
  • Monitor external data sources to determine which security issues may have an impact on the enterprise.
  • Work with the engineering team to identify, assess, triage, assign and remediate vulnerabilities.
  • Continue to improve infrastructure vulnerability management process using data driven and automated approach.
  • Create a reporting capability supporting all levels such as engineering team, compliance, and executive management to highlight current status of infrastructure from vulnerability management perspective.
  • Drive the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs.
  • Work across Information and Cyber Security discipline to consolidate, manage and ensure that vulnerability management lifecycle is followed.
  • Develop automation to maintain the efficiency of security testing at large-scale.
  • Manage bug bounty program.

Job Requirements

  • Good knowledge of Cloud environment, Docker, Linux, macOS, and Active Directory.
  • Deep security hands-on skills in web application and infrastructure security.
  • Experience in Information Security, Vulnerability Management or Secure Software Development Life Cycle (SSDLC).
  • Proficiency in one or more scripting language. E.g., Perl, Python, Shell Scripting etc.
  • Process one of the following: OSCP, OSEP, OSCE, CREST CCWAT/CCSAS/CCSAM/CCTIM, GPEN, GWAPT, GSLC.
  • Preferred certifications: CISSP, CISM, CISA, ISMS, TOGAF, SABSA etc.
  • Familiar with various tools Burp Suite, Kali Linux, Metasploit, Nessus, Nmap, Netsparker, Wireshark, etc.
  • Strong verbal and written communications skills.
  • Good reporting skills.
  • Ability to report to a technical and non-technical audience.
  • BS degree in Computer Science.
  • Positive mindset, open-minded and adaptable for a change fast-paced environment.

Good to have:

  • Experience with NIST-based security compliance frameworks and standards including FedRAMP, FISMA, NIST Cybersecurity Framework, and NIST 800-series.
  • Experience with ISO 27001, SOC2, PCI, and HIPAA and familiarity with the types of evidence that need to be presented.
  • Good knowledge of Cyber Kill Chain and MITRE ATT&CK framework.
  • Public disclosure of vulnerabilities or relevant awards/CVEs.
  • Awarded in CTFs or bug bounty.