About the role:

• Develop and lead a world-class Vulnerability Management Program including management of the framework, tooling and reporting
• Conduct vulnerability scans at the network, operating system, and application levels on both internal and external systems to identify vulnerabilities and insecure configurations
• Assess cloud environments for misconfigurations, such as public S3 buckets and overly permissive security groups
• Review scan output and classify results based on prioritization
• Support in the ongoing development and maintenance of the vulnerability management automation pipeline and subsequent dashboard to assist and ensure timely reporting of vulnerabilities
• Provide technical guidance to engineering teams, application owners and end-users regarding the impact of security issues and remediation techniques
• Provide vulnerability metrics to asset owners as well as leadership level program reporting metrics
• Assist in generating asset inventory reports and identifying discrepancies
• Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
• Support various compliance audits, including ISO2700 series, PCI and HIPAA
• Continue to look for and drive process improvements, automation and integrations amongst the various security tools
• Document security guidance, process and related policy

About You: 

• At least 5 years of experience in Vulnerability Management
• Familiarity with vulnerability management frameworks and concepts such as CVE, and CVSS
• Experience with the deployment and configuration of Tenable.io, Burp Suite, Netsparker or similar scanning tools
• Experience administering Microsoft Windows (Server and Desktop) and Linux (CentOS, RHEL, etc.)  operating systems
• Knowledge of Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, or other cloud platforms and related technologies
• Knowledge of Active Directory, Group Policy and Patch Management tools
• An understanding of network and web related protocols (such as, TCP/IP, UDP, DNS, IPSEC, HTTP, HTTPS, routing protocols)
• Development experience with one of the following languages: Python, Java, Go or Ruby
• Experience with common CI/CD and software deployment automation tools
• Excellent written and verbal communication skills
• Demonstrable teamwork skills and resourcefulness
• Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge
• Strong sense of ownership, urgency, and drive

Company Benefits:

We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Pension and Retirement Plans
• Medical, Dental and Vision Coverage
• Paid Time Off
• Paid Parental Leave
• Support for Community Involvement