Technical Security Engineer I - FT42869
Date Added
06/09/2015
Status
Active
Position Type
Perm
Industry
IT - All
Number of Positions
1
Start Date
ASAP
Salary
Open
Location
Denver, CO
United States
Travel Percent
N/A
Job Description
The Patch & Vulnerability Management Technical Security Engineer will be responsible for configuring vulnerability assessment tool(s), performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results. Approaches for addressing patches and vulnerabilities may include vendor patching, deployment of specialized controls, code or infrastructure changes, and improvements in development processes. These approaches will be developed and deployed with a variety of teams, including IT Security operational and engineering teams, application and infrastructure teams (both engineering and operational), and tool support teams. Responsibilities: : Establish a Risk Management Framework that will be used to assess vulnerabilities against the systems to determine risk level and mitigation strategy. : Plan, develop, and execute vulnerability scans of organization information systems. : Analyze data from threat and vulnerability feeds and analyze data for applicability to the environment. : Monitor for and review vendor patches for applicability and impact to the network and systems. : Identify and resolve false positive findings in assessment results. : Manages enterprise vulnerability assessments and configuration patch and vulnerability scanning tools. : Generate reports on assessment findings/patch compliance and summarize information to facilitate remediation tasks. : Manage risk by analyzing technology security threats and potential impacts to the business and help define solutions to mitigate exposure by leveraging expert analytical and technical skills. : Build and maintain a comprehensive process to care for all vulnerabilities that impact the business process. : Respond to & manage remediation of prioritized vulnerabilities and unpatched systems. : Develop a clear picture of the risks against our assets, business areas, brands. : Provide critical analyses and information from vulnerability data which can be leveraged to enhance the security of our products. : Work closely with Security Awareness contact to socialize awareness of new vulnerabilities and threats by leveraging threat alerting services and industry research. : Manage tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with responsible technology developers and support teams Technical Skills: : Must have in-depth knowledge of information security policies. : Required ability to effectively influence others to modify their opinions, plans, or behaviors. : Project management experience on information security processes and within software development lifecycles. : Familiarity with metrics and measurements used in vulnerability assessment methods as well as software quality assurance. : Proven knowledge of infrastructure, database, network and web application security vulnerability issues. : Experience in maintaining an up to date Measures & Metrics knowledge base for vulnerabilities as well as conduct trend analysis and develop complex reports. Experience in the following technologies: : Vulnerability Scanners, Vulnerability Management Systems, Host Based Security Systems, Patch Management. : Excellent written and verbal communication skills. : Excellent problem solving skills Requirements: : CISSP, CISA or equivalent designation. : Minimum Bachelors degree in Information systems or related field or an equivalent combination of education and experience. : Minimum 3 - 5 years of hands-on technology risk, security and/or governance experience. : Solid understanding of information security policies, standards and industry best practices. : Experience in performing risk assessments on different applications and technologies. : Excellent written & communication skills. : Excellent organizational skills with respect to time management and work production. : Experience using GRC tools
Date Added
06/09/2015
Status
Active
Position Type
Perm
Industry
IT - All
Number of Positions
1
Start Date
ASAP
Salary
Open
Location
Denver, CO
United States
Travel Percent
N/A
Job Description
The Patch & Vulnerability Management Technical Security Engineer will be responsible for configuring vulnerability assessment tool(s), performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results. Approaches for addressing patches and vulnerabilities may include vendor patching, deployment of specialized controls, code or infrastructure changes, and improvements in development processes. These approaches will be developed and deployed with a variety of teams, including IT Security operational and engineering teams, application and infrastructure teams (both engineering and operational), and tool support teams. Responsibilities: : Establish a Risk Management Framework that will be used to assess vulnerabilities against the systems to determine risk level and mitigation strategy. : Plan, develop, and execute vulnerability scans of organization information systems. : Analyze data from threat and vulnerability feeds and analyze data for applicability to the environment. : Monitor for and review vendor patches for applicability and impact to the network and systems. : Identify and resolve false positive findings in assessment results. : Manages enterprise vulnerability assessments and configuration patch and vulnerability scanning tools. : Generate reports on assessment findings/patch compliance and summarize information to facilitate remediation tasks. : Manage risk by analyzing technology security threats and potential impacts to the business and help define solutions to mitigate exposure by leveraging expert analytical and technical skills. : Build and maintain a comprehensive process to care for all vulnerabilities that impact the business process. : Respond to & manage remediation of prioritized vulnerabilities and unpatched systems. : Develop a clear picture of the risks against our assets, business areas, brands. : Provide critical analyses and information from vulnerability data which can be leveraged to enhance the security of our products. : Work closely with Security Awareness contact to socialize awareness of new vulnerabilities and threats by leveraging threat alerting services and industry research. : Manage tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with responsible technology developers and support teams Technical Skills: : Must have in-depth knowledge of information security policies. : Required ability to effectively influence others to modify their opinions, plans, or behaviors. : Project management experience on information security processes and within software development lifecycles. : Familiarity with metrics and measurements used in vulnerability assessment methods as well as software quality assurance. : Proven knowledge of infrastructure, database, network and web application security vulnerability issues. : Experience in maintaining an up to date Measures & Metrics knowledge base for vulnerabilities as well as conduct trend analysis and develop complex reports. Experience in the following technologies: : Vulnerability Scanners, Vulnerability Management Systems, Host Based Security Systems, Patch Management. : Excellent written and verbal communication skills. : Excellent problem solving skills Requirements: : CISSP, CISA or equivalent designation. : Minimum Bachelors degree in Information systems or related field or an equivalent combination of education and experience. : Minimum 3 - 5 years of hands-on technology risk, security and/or governance experience. : Solid understanding of information security policies, standards and industry best practices. : Experience in performing risk assessments on different applications and technologies. : Excellent written & communication skills. : Excellent organizational skills with respect to time management and work production. : Experience using GRC tools