Information Security Engineer-Vulnerability Management
27500 Riverview Center Blvd #100 Bonita Springs, FL 34134
Join our client's growing security team as a Vulnerability Management-Information Security Engineer. This position will have a huge impact on keeping the organization secure by seeking out its vulnerabilities in websites, mobile applications, business applications and infrastructure, and by managing their remediation. You'll work with industry-leading tools (e.g., Qualys, Veracode, Tanium, Altiris) to identify and assess vulnerabilities. You'll have plenty of room to grow into dynamic application security testing and penetration testing.
- Achieve total visibility of the organization’s vulnerabilities, internal and external, application and infrastructure
- Prioritize vulnerabilities based on an understanding of the threat landscape and the asset’s risk profile
- Break down the vulnerabilities as needed for Dev and Operations teams to address
- Improve and automate the existing vulnerability management lifecycle, including but not limited to data ingestion & normalization, compliance metrics and detections on ephemeral assets
- Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies
- Provide post-remediation analysis and validation, identify opportunities for improvement, and apply out-of-the-box thinking to optimizations and to solving roadblocks
- Perform recurring and on-demand scanning of both corporate and cloud environments using the enterprise platform
- Develop dynamic application security testing and penetration testing expertise (via formal training, self-driven learning, and shadowing third-party pen testers), eventually performing hands-on penetration testing of company applications and appsec testing
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.
- 3+ years of related professional experience
- Certifications such as GIAC Security Essentials (GSEC), GIAC Web Application Penetration Tester (GWAPT) or CompTIA Security+
- Professional experience in Information Security
- Vulnerability & Secure Code solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, AppSpider
- Intermediate to proficient skill in scripting languages
- Fundamental understanding of OWASP Top 10 Web Application Security Risks
- Diverse Cloud Computing (AWS & Azure)
- Network switching and routing (Cisco, Juniper); familiarity with TCP/IP and associated protocols
- Understanding of Windows and Linux
- Experience with dynamic application security testing and/or penetration testing a plus
- Understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, and information security best practices.
- Experience with data metrics & normalization with the ability to provide qualitative & quantitative analysis and recommendations
- Excellent verbal and written communication skills
- Excellent organizational and/or project ownership skills
- Ability to develop excellent working relationships with a variety of other enabling teams
- Excellent attention to detail, data accuracy, and data analysis
- Self-motivated and works with a high level of intellectual curiosity and a high degree of integrity