IT Risk Mitigation Engineer II - REMOTE

About The Position

Requirements

• Associates degree or competency-based degree in a related IT discipline preferred.
• 2+ years of experience in vulnerability management / compliance monitoring or the equivalent.
• Knowledge of and/or experience with technical concepts within Windows and/or Linux server operating systems, cloud computing, automation, networking, and application development.
• Experience reviewing vulnerability scans, penetration tests, network admission control, and/or SIEM systems such as Nessus, Rapid7, Qualys, etc.
• Experience with IT controls monitoring for regulatory and compliance requirements.
• Knowledge of vulnerability data management and reporting process automation.
• Functional knowledge of information security best practices.
• Functional knowledge of ITIL principles and practices.

Nice To Haves

• Relevant industry certifications such as A+, Network+, Security+, CISSP, CISM, or equivalent are a plus.
• Experience with Tanium is a plus.
• Knowledge of OWASP tools and methodologies a plus.
• Knowledge of scripting languages (i.e., Powershell, Python, YAML, etc.) a plus.
• Experience with ServiceNow a plus.

Responsibilities

• Assist in the core, day-to-day functions of the Risk Mitigation (RM) team.
• Act as a technical support specialist within the RM team.
• Promote directives to support IT infrastructure and application teams, ensuring a risk-based approach to vulnerability management.
• Focus on hands-on solutions and tools for monitoring, assessment, tracking, and reporting.
• Assist technical and team initiatives to shape and guide remediation solutions for effective reporting, best practices configurations, and timely patching.
• Collaborate with Security and IT Infrastructure to maintain or implement risk-based remediation requirements.
• Utilize technical background to identify and research vulnerabilities, partnering with technology teams for remediation.
• Assist with or directly maintain and support vulnerability management programs, including reviewing scans and assessments.
• Resolve or assist with the resolution of information security vulnerability findings.
• Work with multiple teams to align scanning, reporting, and tracking with industry best practices, regulations, and standards (e.g., PCI-DSS, SOC II, NIST, CIS benchmarks).
• Improve reporting maturity through automation, consolidation, and other techniques.
• Perform or assist with recurring and on-demand scanning of systems and cloud environments.
• Maintain detailed documentation regarding threat management standards, policies, and procedures.
• Improve and automate existing vulnerability management systems.

Benefits

• Competitive wages
• Medical with telemedicine
• Dental and Vision
• Basic and Optional Life Insurance
• Paid Time Off (PTO)
• Maternity, Parental, Family Care
• Community Volunteer Time Off
• 12 Paid Holidays
• Company Paid Disability Insurance
• 401k (with employer match)
• Health Savings Accounts (HSA) with company provided contributions
• Flexible Spending Accounts (FSA)
• Supplemental Insurance
• Mental Health and Well-being: Employee Assistance Program (EAP)
• Tuition Reimbursement
• Wellness program