Summary:
The Vulnerability Management Engineer is responsible for managing the identification, assessment, reporting, and mitigation of infrastructure and cloud vulnerabilities.
A candidate for this role will have the mindset of a defender and be able to operate in a fast-paced environment, working closely with our infrastructure team, which includes Network, Firewall, Hypervisors, Servers, and business application teams.
Primary Skills:
• At least 4 years’ experience in the Information Security or Information Technology field.
• Bachelor’s degree in Computer Science, Information Security, or equivalent combined experience.
• Hands-on experience with a variety of vulnerability management and network scanning tools, such as Qualys, Palo Alto, Tenable Security Center, OpenVAS, Nmap, web scanners, etc.
• Understanding of the relationship between operating systems, applications, and their dependencies, and how interrelated software vulnerabilities exist – with ability to determine remediation techniques in diverse environments.
• Conduct regular vulnerability scans and assessments on network devices, servers, applications, and databases.
• Produce ad-hoc and scheduled vulnerability metrics reports covering various KPIs (Key Performance Indicators) for vulnerability management activities.
• Knowledge of both Windows and UNIX-based operating systems (e.g. Windows Server and Client OS, RHEL, Ubuntu, Amazon Linux, macOS), and container technologies (e.g. Kubernetes, Docker).
• Ability to script and program in Python and other scripting and programming languages (e.g. SQL, C, Java, JavaScript), notably for working with RESTful APIs.
• Perform regular security audits and compliance checks to ensure adherence to security policies and standards.
• Experience working with REST APIs and integrating API frameworks into wider business intelligence solutions.
• Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
Secondary Skills:
• Knowledge of the DORA Standard.
• Solid experience in offensive security, adversarial tactics, techniques, and procedures (e.g. using MITRE ATT&CK framework), and common attack patterns such as binary exploitation, memory corruption, race conditions, web attacks, etc.
• In-depth knowledge of security standard methodologies, technologies and products, and a drive to continuously improve these skills.
• Knowledge of CI/CD pipelines, GitHub or other version control systems, and the security standard methodologies applicable to cloud hosting environments (e.g. AWS).
• Experience working in agile project management toolsets (e.g. Jira, Confluence, ServiceNow): creating tickets which break down work into manageable pieces, tracking capacity, closing stories in a timely manner, and documenting work.
Soft Skills:
• Good experience working with numerous external teams to track and deliver solutions.
• Strongly detail-oriented individual able to efficiently analyze and resolve problems.
• Strong verbal communication and diplomacy skills with all levels of the business.
• Must be self-motivated, able to work independently, and multi-task effectively.
Skills Desired:
• Exposure or knowledge of cloud architectures, services, and vulnerabilities.
• Understanding of risk assessment methodologies.
• Proficiency in using vulnerability scanning tools such as Qualys.
• Qualys, MDE & C, SNS, Excellent in Excel.
• Ability to interpret vulnerability data from multiple sources.
• Reporting and metrics expertise with platforms such as Splunk, PowerBI, etc.
55439 | IT & Tech Engineering | Professional | Non-Executive | Allianz Technology | Full-Time | Permanent