logo

View all jobs

Vulnerability Management Engineer (JP7612)

Virginia, VA · Information Technology
Job Title:  Vulnerability Management Engineer (JP7612)
Location: Virginia, USA. (100% Remote)
Employment Type:  Contract
Business Unit: GIP Strategy and Cyber Operations
Duration: 3+ months (with likely extensions)
Posting Date: 8/25/20
 
 
3 Key Consulting is hiring a Vulnerability Management Engineer for a consulting engagement with our direct client, a leading global biopharmaceutical company.
 
Job Description:
The Vulnerability Management Engineer plays an integral role in information security for our client. The primary responsibility is to support various capabilities within information security like vulnerability management, cyber threat intelligence, and others. The Vulnerability Management Engineer will work with various stakeholders at the client in a manner aligned to client’s values to define and implement information security services strategies, standards, tools and processes.
 
This Vulnerability Management Engineer will work with other internal teams like Security Operations on architecting, designing, and implementing technologies, processes, and other improvements in vulnerability management. This will also include participation in on-call activities.
 
The Vulnerability Management Engineer will be a part of client’s Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security.
 
The role will be part of the Information Security team responsible for delivering security services across client globally. This position will focus on information security services and technologies but will support Threat & Vulnerability Management. Areas of responsibility include:
  • Configure, conduct, understand, review vulnerability assessments and provide false positive validation.
  • Coordinate with internal and external stakeholders to remediate or mitigate security vulnerabilities.
  • Use strong interpersonal skills to articulate vulnerabilities to technical and non-technical audiences.
  • Assist in recommending and prioritizing remediation efforts within infrastructure and application teams.
  • Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with support teams.
  • Developing automated and ad hoc reports of security metrics.
  • Serve as an escalation point for all technical issues regarding vulnerabilities.
  • Provide support and for the organization’s day-to-day counterintelligence program.
  • Support Cyber Security Operations Center on security incidents including contributing to mock security incident exercises.
  • Build upon existing capability, recommending cutting-edge tools and procedures to detect threats and protect the firm’s intellectual property and assets.
  • Maintain current workflows and develop new ones as needed.
  • Implement and maintain API integrations between internal systems to provide enrichment and support workflows.
  • Advise incident responders as they develop and coordinate response, containment and remediation capabilities as appropriate.
  • Management of technologies and processes relating to assigned Information Security capability including issue identification and resolution, integration with other tools, documentation, gap assessment, gap resolution and continuous improvement of the service.
  • Define, provide, and improve metrics on the assigned services including the use of appropriate applications and tools for reporting.
  • Develop or participate in the development of business cases and presentations on information security technologies of interest to client.
  • Participate in proactive research and provide recommendations for continuous improvement on information security technologies, processes and services.
  • Develops, implements, and sustains operational scripts, data structures, libraries and programming code that optimize security in emergent compute patterns with diverse applications throughout the global environment.
  • Analyzes, designs, develops and operates programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context.
  • Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.
 
Vulnerability Management Engineer will also present project status reports to senior management, adhere to policies and practices relative to technical guidelines and change management processes, and may contribute to the development of new policies and practices by suggesting innovative ideas.
 
Why is the Position Open?
Additional workload on the team.
 
 
Top Must-Have Skill Sets:
Demonstrated experience working with any of the following: (intermediate level)
  • Security Information and Event Management.
  • Vulnerability Management.
  • Endpoint Security.
  • Web Security.
  • Incident Response.
  • Detailed knowledge of Windows and/or Linux systems and associated scripting languages (intermediate experience).
  • 2 years experience in Information Security.
  • 4 years experience in Information Systems
 
 
Day to Day Responsibilities:
  • Configure, conduct, understand, review vulnerability assessments and provide false positive validation.
  • Coordinate with internal and external stakeholders to remediate or mitigate security vulnerabilities.
  • Use strong interpersonal skills to articulate vulnerabilities to technical and non-technical audiences.
  • Assist in recommending and prioritizing remediation efforts within infrastructure and application teams.
  • Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with support teams.
  • Developing automated and ad hoc reports of security metrics.
  • Serve as an escalation point for all technical issues regarding vulnerabilities.
  • Provide support and for the organization’s day-to-day counterintelligence program.
  • Support Cyber Security Operations Center on security incidents including contributing to mock security incident exercises.
  • Build upon existing capability, recommending cutting-edge tools and procedures to detect threats and protect the firm’s intellectual property and assets.
  • Maintain current workflows and develop new ones as needed.
  • Implement and maintain API integrations between internal systems to provide enrichment and support workflows.
  • Advise incident responders as they develop and coordinate response, containment and remediation capabilities as appropriate.
  • Management of technologies and processes relating to assigned Information Security capability including issue identification and resolution, integration with other tools, documentation, gap assessment, gap resolution and continuous improvement of the service.
  • Define, provide, and improve metrics on the assigned services including the use of appropriate applications and tools for reporting.
  • Develop or participate in the development of business cases and presentations on information security technologies of interest to client.
  • Participate in proactive research and provide recommendations for continuous improvement on information security technologies, processes and services.
  • Develops, implements, and sustains operational scripts, data structures, libraries and programming code that optimize security in emergent compute patterns with diverse applications throughout the global environment.
  • Analyzes, designs, develops and operates programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context.
  • Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.
 
Basic Qualifications:
  • Bachelor’s degree or higher-level education or work experience equivalent.
  • 2 years experience in Information Security and over 4 years experience in Information Systems.
  • Excellent written and verbal communication skills.
  • Passionate, collaborative and results oriented.
  • Clear understanding of and ability to manage cognitive biases.
  • Ability to relate same to development of information and intelligence reports.
  • Detailed knowledge of Windows and/or Linux systems and associated scripting languages.
  • Entry level security certification (CompTIA Security+, Microsoft MTA Security, ISACA CSX, GISF, SSCP).
  • Demonstrated experience working with any of the following:
    • Security Information and Event Management
    • Vulnerability Management
    • Endpoint Security
    • Web Security
    • Incident Response
  • Detailed knowledge of Firewalls, Enterprise E-mail Systems and / or Incident Management.
  • Log analysis capabilities for various security systems or infrastructure devices
  • Attention to detail and focus on providing vetted information.
 
 
Desired Qualifications:
  • Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries.
  • Experience with analytical problem solving and familiar with conducting operations relating to insider threat, counterintelligence investigations, and counterespionage.
  • Microsoft`s MCSA / MCSE certifications.
  • Develops, implements, and sustains operational scripts, data structures, libraries and programming code that optimize security in emergent compute patterns with diverse applications throughout the global environment.
  • Analyzes, designs, develops and operates programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context.
  • Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.
 
 
Preferred Qualifications:
• CEH, CISSP, GCIH, GPEN (any of these).
 
 
Employee Value Proposition:
 
Candidate will get to be part of the decision-making process, playing with new technology across different areas, working on a global team - HUGE cross functional collaboration.
 
Interview process:
Phone/video - EU time zone.
 
We invite qualified candidates to send your resume to resumes@3keyconsulting.com.  If you decide that you’re not interested in pursuing this particular position, please feel free to take a look at the other positions on our website www.3keyconsulting.com/careers. You are also welcome to share this opportunity with anyone you think might be interested in applying for this role.
 
 
 
Regards,
 
3KC Talent Acquisition Team
 
 
Powered by