We look for the risk-takers , the collaborators , the inspired and the inspirational. We want the people who are brave enough to work at the cutting edge and create solutions that will enrich and improve the lives of people across the globe. So, if you want to make the world say wow, let's talk.
The conversation starts here. If this role matches your ambitions and skillset, let's get started with your application. Take a look at our other open positions too. Our many opportunities can lead to infinite possibilities.
- At least 5+ years’ experience in Information Security or Information Technology field.
- Bachelor’s degree in Computer Science, Information Security, or equivalent experience.
- Solid grasp of OS and software vulnerabilities and remediation techniques.
- Experience working with multi-functional teams to track and deliver solutions.
- Hands-on experience working with a variety of vulnerability management and network scanning tools, such as Qualys, Tenable Security Center, OpenVAS, Nmap, Nikto, etc.
- Knowledge of both Windows and UNIX-based operating systems (i.e. Windows Server and client OS, RHEL, CentOS, Amazon Linux, MacOS), container technologies, and networking fundamentals.
- Solid experience in offensive security, adversarial tactics, techniques, and procedures, and common attack patterns such as binary exploitation, memory corruption, race conditions, web attacks, etc.
- In-depth knowledge of security standard methodologies, technologies and products and aim to continuously improve these skills.
- Ability to script and program using Python or other similar scripting languages (i.e. Bash, Python, C, Java, JavaScript, Perl), notably for working with RESTful APIs.
- Knowledge of CI/CD pipelines, Git or other version control systems, and cloud hosting environment’s (i.e. AWS) applicable security standard methodologies.
- Knowledge of the PCI Data Security Standard (PCI DSS).
- Good experience working with external teams to track and deliver solutions
- Superb attention to detail individual able to efficiently analyze and resolve problems.
- Strong verbal, communication, and diplomacy skills with all levels of the business.
- Must be self-motivated, able to work independently, and multi-task effectively.
** Responsibilities**
Serve as a Security Vulnerability Research Engineer who identifies threats and vulnerabilities, conducts research and analysis and validates issues to provide meaningful reports and relevant information to Global SIE organizations.
Facilitate work efforts related to vulnerability scanning appliance deployment, maintenance and patch management, and security operations across Global SIE teams in support of the Global Vulnerability Management Framework.
Use security, networking, and automation tools to enable early identification of threats to provide evidence-based security situational awareness, improved decision-making, and allow for timely threat mitigating actions.
Conduct detailed research and analysis of findings to eliminate false positives, provide mitigation techniques, and to significantly reduce time-to- remediation.
Build and publish remediation prioritization based on research, threat intelligence data as well as confidentiality, integrity, and availability requirements of SIE systems.
Facilitate implementation of security configurations and hardening settings for networks, operating systems, applications, databases, and other information system components.
Engage with partners, to include engineering and IT professionals, management, and auditors to Communicate security and compliance issues and ensure remediation.
Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls.
Perform continuous security validation testing for SIE network, cloud, and endpoint environments to provide improved visibility to our overall security posture.
Research and characterize risks to networks, operating systems, containers, applications, databases, and other information system components to facilitate implementation of configurations and hardening settings for these environments.
Provide remediation support to operations and service teams, ensure that vulnerabilities are mitigated or remediated within the timeframes specified in the SIE Global Vulnerability Management Standard.
Support multi-functional team efforts for asset management, tagging, and grouping.
Develop and demonstrate Proof of Concepts for identified vulnerabilities to convey business impact to partners and to distinguish true risk to SIE environments.
Evolve the Vulnerability Management toolsets and reporting to provide better vulnerability insight, create effective communications and meaningful reporting, and to automate vulnerability management-related operations and processes.
Find opportunities to improve asset inventories and better enrich vulnerability data. Conduct ongoing research to help validate completeness or identify “gaps”.
Collaborate with DevOps teams to improve security tool integration into CICD pipelines.
Ensure that documentation, data, assessment information, and Vulnerability Management program information are kept up to date.
Mentor, train, and assist personnel in the execution and use of new technologies, processes, and services.
Some travel may be required.