About the role:
- Develop and lead a world-class Vulnerability Management Program including management of the framework, tooling and reporting
- Conduct vulnerability scans at the network, operating system, and application levels on both internal and external systems to identify vulnerabilities and insecure configurations
- Assess cloud environments for misconfigurations, such as public S3 buckets and overly permissive security groups
- Review scan output and classify results based on prioritization
- Support the ongoing development and maintenance of the vulnerability management automation pipeline and subsequent dashboard to assist and ensure timely reporting of vulnerabilities
- Provide technical guidance to engineering teams, application owners and end-users regarding the impact of security issues and remediation techniques
- Provide vulnerability metrics to asset owners as well as leadership-level program reporting metrics
- Assist in generating asset inventory reports and identifying discrepancies
- Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
- Support various compliance audits, including ISO2700 series, PCI and HIPAA
- Continue to look for and drive process improvements, automation and integrations amongst the various security tools
- Document security guidance, process and related policy
About You:
- At least 5 years of experience in Vulnerability Management
- Familiarity with vulnerability management frameworks and concepts such as CVE and CVSS
- Experience with the deployment and configuration of Tenable.io, Burp Suite, Netsparker or similar scanning tools
- Experience administering Microsoft Windows (Server and Desktop) and Linux (CentOS, RHEL, etc.) operating systems
- Knowledge of Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, or other cloud platforms and related technologies
- Knowledge of Active Directory, Group Policy and Patch Management tools
- An understanding of network- and web-related protocols (such as TCP/IP, UDP, DNS, IPSEC, HTTP, HTTPS, routing protocols)
- Development experience with one of the following languages: Python, Java, Go or Ruby
- Experience with common CI/CD and software deployment automation tools
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge
- Strong sense of ownership, urgency, and drive
Company Benefits:
We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement