Meet Our Team:

Pega is a leader in customer engagement and digital process automation offering a commercial SaaS version of our industry-leading platform to our global clients. In fact, we were recently recognized as one of the “Top 10 Tech Winners For The AI Revolution” by industry analysts. On the frontlines of this success is the Pega Cloud Security Operations Center (CSOC). Our team of information security professionals is charged to protect Pega’s commercial cloud assets and offerings. We accomplish this by creatively deterring, detecting, denying, delaying, and defending against internal and external security threats. The CSOC provides detection, monitoring, and incident response services for Pega Cloud.

Picture Yourself at Pega:

As a Principal Cloud Vulnerability Analyst, you will play a critical role in developing processes that drive proactive automated detection, triage, and reporting of vulnerabilities in Pega’s cloud infrastructure and platform deployments. You will use data and output from our vulnerability scanning tools, work closely with various engineering teams to understand vulnerabilities, and collaborate with the CSOC’s Threat Detection Team to proactively develop detection use cases to support the quick resolution of security events and incidents. This is a role of significant responsibility, oversight and visibility, and an opportunity to get involved in cutting-edge DevSecOps processes. Additionally, you’ll contribute to the success of our globally recognized brand. Your efforts will directly impact the security and trust our clients place in us, as we help them transform their business processes and drive meaningful digital experiences. 

At Pega, your expertise in cloud security is valued, and your passion for protecting data is celebrated. Join us in shaping the future of secure cloud operations and make a lasting impact on the world of technology.
 

What You'll Do at Pega: Ensure that our vulnerability detection tools are effectively scanning all of our cloud assets and that stakeholders are aware of existing and new vulnerabilitiesUse output from our scanning solutions and SIEM to develop vulnerability reports and periodic briefs for Pega Cloud stakeholders to communicate vulnerability exposure and priorityWork closely with Pega’s Security Engineering, Cloud Engineering, Software Engineering, Product Management, and Project Management teams to identify vulnerabilities and validate remediationCollaborate with the Security Analyst and Threat Intelligence teams to prioritize threat hunt hypotheses based on the Pega threat landscapeCollaborate with the Threat Detection team to develop use cases to detect attempted exploits of known vulnerabilitiesLead within a culture of ownership and accountabilityEducate, mentor, and empower junior team members to be future experts and leadersHybrid ideal
 Who You Are:

You are an experienced vulnerability management analyst with a “self-starter” attitude. As a tenacious guardian of digital landscapes, you desire to leverage your extensive expertise in cloud security to identify, assess, and mitigate vulnerabilities before they can be exploited. With a passion for innovation and a commitment to excellence, you thrive at the intersection of technology and security, employing cutting-edge tools and methodologies to fortify cloud infrastructures. Your analytical mindset and collaborative spirit empower teams to adopt best practices, ensuring robust security postures that not only protect assets but also drive business growth. Your chief professional goal is to build a resilient cloud environment that inspires confidence and fosters success.
 
You have a history of success in the information security industry. Your list of accolades include:

SANS, Offensive Security, or other top-tier industry recognized technical security certifications focused on analysis, detection, and/or incident responseIndustry recognition for identifying security gaps to secure applications or products A Bachelor’s Degree in Cybersecurity, Computer Science, Data Science, or related field is a plus
 What You've Accomplished: Experience studying and managing vulnerabilities within the following technologies: AWS, GCP, Linux, Kubernetes, Docker, Tomcat, Java, Artifactory, web applications, PostgreSQLFamiliar with tracking vulnerabilities in several scanning tools and methodologies (e.g. Tenable Nessus, JFrog XRay, Trivy, Grype, Veracode, SAST/DAST, etc.)Ability to explain complex security issues to a business-focused audience, both verbally and in writing technical reportsPossess a solid baseline skillset in core cloud/web delivery technologies (AWS, GCP, Kubernetes, Docker, Linux, Tomcat, Artifactory, relational databases)Possess wide-ranging experience in information security with focus on vulnerabilities and how they are exploitedFamiliar with threat modeling and the MITRE ATT&CK Framework, and how to use them to evaluate vulnerabilitiesYou have a solid understanding of OWASP practices and how the OWASP top risks can be exploitedComprehensive technical knowledge of Linux operating systems and how they are exploited and defendedExperience with Python, Linux shell/bash, and PowerShell scriptingExperienced with a range of compliance programs such as FedRAMP, FISMA, SOC 1/2/3, PCI and ISO 9001, 27001, 27017 & 27018Well organized, with excellent verbal and written communication skills, including poise in high pressure situationsA demonstrated ability to work in a team environment and foster a healthy, productive team cultureExperience in validating or testing vulnerabilities as part of a red team or penetration testing team is a plusExperience developing standard operating procedures (SOPs),  runbooks/playbooks for repeated actions, and security policies is a plusExperience using Splunk (particularly writing SPL) is a big plusExperience with Google Chronicle/SecOps/BigQuery is a big plus
 Pega Offers You: Gartner Analyst acclaimed technology leadership across our categories of productsContinuous learning and development opportunitiesAn innovative, inclusive, agile, flexible, and fun work environmentCompetitive global benefits program inclusive of pay and bonus incentive, employee equity in the company

#LI-JS1

Job ID: 21453