Duties & Accountabilities
• Perform recurring and on-demand scanning of organization systems and cloud environments.
• Assist the central team in resolving information security incidents, including targeted threats and internal incidents.
• Maintain documentation regarding vulnerability management, including policies and procedures.
• Improve and automate existing vulnerability management systems.
• Research and assess emerging security threats and vulnerabilities.
• Provide technical support for vulnerability management projects.
• Communicate the risks of identified vulnerabilities and recommend security controls to mitigate them.
Requirements
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 3 – 5 years of experience in information security, compliance, audit and/or risk management in a technology environment.
• 5+ years of experience in vulnerability management or compliance monitoring.
• Experience in vulnerability scanning, penetration testing, network admission control, and/or SIEM.
• Experience in design and implementation of security technologies.
• Experience with Application Security Architecture and authorization approaches (role-based access control, tier controls, etc.).
• Experience with IT controls monitoring for regulatory and compliance requirements.
• Experience with visualization tools.
• In-depth knowledge of information security best practices, standards and frameworks.
• Knowledge of technical concepts such as cloud computing, automation, networking, and application development.
• Knowledge of vulnerability data management and reporting process automation.
• Knowledge of OWASP tools and methodologies.
• Security-related certifications (e.g. CISA, CISSP, CRISC) are preferred.
• Experience securing cloud-first environments.
• Demonstrated understanding of business processes, risk management, IT controls and related standards.
• Experience facilitating external assessments, such as security audits or regulatory inquiries.
• Knowledge of security control frameworks and standards such as SOC2, ISO 27001, NIST, etc.
• Familiarity with ServiceNow and Google Workspace.
• Excellent written and verbal communication skills in English, and great interpersonal skills.