Job Description:
Senior Vulnerability Management Engineer
We are looking for a highly self-motivated candidate for our Global Vulnerability Management team within Global Security and Risk. Our team performs one of the most critical security and risk functions at the firm: detecting vulnerabilities in our technology and ensuring their remediation before they can be exploited by malicious hackers.
Key Responsibilities:
Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
Collaborate extensively with the firm's engineering teams to help them understand their vulnerabilities and collectively develop remediation and mitigation strategies.
Follow public and/or private vulnerability feeds
Rate D&B’s exposure (impact and likelihood of compromise) to newly identified vulnerabilities
Provide proof-of-concept exploits in a lab environment to demonstrate exploitability
Provide risk assessment inputs into patch management policies and activities for multiple platforms across the firm.
Develop and maintain metrics and reports on vulnerability findings and remediation compliance.
Contribute to network security strategy and automation
Maintain knowledge and skillset relevant to trends in the industry
Qualifications/Requirements:
Minimum 10-12 years of security experience, specifically around organizational security and vulnerability management.
Experience with common vulnerability feeds from government, vendor, and open source communities
Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
Familiarity with vulnerability management frameworks and concepts such as CVE and CVSS
Ability to assess and articulate the actual business risk of researched vulnerabilities, along with good report-writing and client presentation skills
Demonstrated understanding of infrastructure and cloud vulnerability scanning
Ability to develop and maintain positive relationships with other technology teams
Good understanding of the OWASP Top 10. Familiarity with vulnerabilities in third-party libraries and their remediation
Scripting and/or programming skills (e.g., Python, PowerShell, Java, JS, etc.)
A strong understanding of application, Linux, Windows and network security
Ability to work both independently and in a highly collaborative team environment
Understanding of the lean and agile framework and processes
Strong communication skills – written and verbal