Job Description


GENERAL PURPOSE

The Security Engineer is responsible for ongoing vulnerability identification, assessment, prioritization and remediation planning to continually improve the security posture.  

The Security Engineer is responsible for working within a multi-disciplined team to provide expertise on network, infrastructure and application vulnerability scanning, analysis and reporting. This role will evaluate any identified vulnerability for exploitability using several testing techniques. 

 

ESSENTIAL FUNCTIONS:

• Responsible for executing network and infrastructure vulnerability scans, working with cross-functional teams to evaluate the appropriate risk, recommend appropriate remediation solutions for identified vulnerabilities and track remediation.  

• Responsible for maintaining and categorizing inventory of assets to be scanned.

• Responsible for maintaining vulnerability scan tools, integration with various intelligence feeds and downstream workflow management tools and automation of scanning and reporting. 

• Coordinate work efforts with other teams such as patch team, infrastructure management, security operations, governance & risk. Communicate project and operational metrics.  

• Assist in developing action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the vulnerability management program.

• Stays informed about the latest developments in the information security field, including the latest vulnerabilities and new products and services, through on-line news services, technical magazines, professional association memberships, industry conferences, special training seminars, and other methods.

• Monitors current and proposed laws, regulations (i.e., PCI, SOX, HIPAA) and industry standards related to vulnerability management, so that the company is warned in advance and is ready to be fully compliant with these requirements.

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• At least 8 to 12 years’ experience supporting IT systems, processes or capabilities

• Five years of Information Technology Security experience, at least 3 with large enterprise organizations

• A solid understanding of industry best practices for Vulnerability Management; specific demonstrated experience mapping business processes and comparing those processes to industry best practices

• The ability to work closely with Business and development and a thorough understanding of the balance between Business and Security requirements

• Excellent understanding of network, system and application security

• Knowledge of OWASP framework and application security best practices

• Knowledge of various vulnerability scanning solutions, scripting and automation

 

 

Location: Dublin, CA

Duration: Contract to Hire