Vulnerability and Application Security Manager
Our direct client, a fast-growing FinTech firm, is looking for a Vulnerability and Application Security Manager. In this role, you will develop, deploy, and oversee vulnerability management and aspects of application security across the company’s desktop, infrastructure, public cloud, and SaaS providers. The role will champion and guide the maturation of the existing program through the deployment of new scanning, patching, monitoring, and reporting capabilities. Vulnerability management will offer input into the company’s security policy, enforcement model, application development, and technology configuration to ensure all desktops, platforms, and applications are compliant and secure.
This candidate must be hands-on, comfortable working in small teams, and interested in continually researching to improve their knowledge and the company’s platforms and tools.
- Manage and improve the Vulnerability management process including tools, reporting, and governance.
- Detection and assessment of vulnerabilities across endpoints, public cloud, and SaaS environments.
- Manage third-party penetration testing teams.
- Monitor and report on vulnerabilities and patch status.
- Verification of the baseline configuration, performance of compliance tests, and monitoring of drift.
- Identify and manage tools to manage scanning, mitigations, corrective actions, verification, and policy exception.
- Risk modelling and cooperation with SOC in risk analysis.
- 5+ years’ experience in a highly technical Information Security role
- 3+ years’ experience in vulnerability management across operating systems, applications, and cloud security configurations
- 3+ years’ experience with security technologies and applications in enterprise and cloud environments (e.g., vulnerability scanners, IDS, firewalls, proxies, Networks, Laptops, Desktops, Wireless Access Points)
- 2+ years’ experience with information security responsibilities related to public cloud custom-built software products
- BS/BA degree (e.g., Computer Science/Engineering, Business, etc.)
- Master’s degree or other advanced degree in the field of cybersecurity
- Experience in the telecommunications, financial services, defense, or government industries
- Working knowledge/experience with Python, SQL, and REST APIs
- Experience implementing security controls within CI/CD pipelines as they relate to containers
- Experience with information security best practices, including a good understanding of OS concepts, process management, and resource scheduling in Windows and Linux environments
- Strong understanding of cybersecurity threats and technology-related risk
- Ability to work independently or as part of a group
- Solid problem-solving abilities
- Strong ability to review system and application data and develop metrics and reporting
- CISSP or related experience
- Developed and defined Vulnerability Management process
- Detection and assessment of vulnerabilities
- Monitoring and reporting of vulnerabilities
- Activities in the Vulnerability Management process
- Verification of the baseline configuration and performance of compliance tests
- Recommendations of mitigation and corrective actions and verification of their implementation
- Risk modelling and cooperation with SOC in risk analysis
- Understanding of how to read and assess vulnerability disclosures (CVE, CVSS)
- Management of third-party penetration testing teams
Job ID: 4746