Lead, Security Engineer V&CM

About The Position

Requirements

• Bachelor's Degree or equivalent required.
• BA/BS degree in Computer Science, Information Systems, Cyber Security or a related technical field.
• Minimum of 7 years of experience with security engineering and operations.
• Experience managing and supporting large, complex mission-critical systems.
• Experience with Vulnerability management tools, patching processes and tools, VM operation/workflow, or configuration/Baseline/File-integrity monitoring applications and processes.
• Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future.
• Subject matter expert of cloud based critical infrastructure systems and security threats for these systems (AWS Cloud experience required).
• Subject matter expert with cyber security in the domains of vulnerability and compliance management.
• Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, understanding of attacks, and determination of countermeasures.
• Subject matter expert of network and system vulnerabilities, malware, networking protocols, multi-tiered applications, and attack methods to exploit vulnerabilities.
• Experience in senior technical security role, including network security, operating system security, Internet or Web security, and vulnerability testing.
• Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis, network engineering, and local and wide area (LAN/WAN) technologies and topologies.
• Must have experience conducting comprehensive vulnerability assessments with vulnerability monitoring tools (Wiz and Tenable).
• General knowledge and experience in Windows / Linux Operating Systems, baseline security configurations, audit, forensics, Patch Management for these OSs.
• Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.
• Be able to work in fast paced environment with occasional on-call activities.
• Excellent interpersonal skills, presentation skills, and verbal / written communication skills.
• Self-starter; adaptable to change; motivated to set personal and program goals and pro-actively track performance against goals and initiatives.
• Ability to manage multiple priorities – projects, deliverables, and stakeholders.
• Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
• Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.

Nice To Haves

• Master’s Degree is a plus.
• AWS Security, AWS Architect certifications desired.

Responsibilities

• Act as a Subject Matter Expert for all programs within the VCM space.
• Conduct comprehensive vulnerability assessments using tools such as Wiz and Tenable.
• Leverage strong analytical and problem-solving skills to identify weaknesses in U.S. FinTech’s IT Infrastructure.
• Communicate findings effectively, via reports/meetings to prioritize vulnerability remediation.
• Utilize developed processes to track, prioritize, and ensure remediation of found vulnerability and compliance issues.
• Continuously monitor U.S. FinTech infrastructure for Vulnerability and Compliance related issues.
• Make improvements to monitors, scans, dashboards, and reporting.
• Ability to work independently and in a team environment, collaborate effectively with other InfoSec Teams and IT Infrastructure teams.
• Eager to learn and adapt to emerging cloud technologies and tools in a fast-paced environment.
• Act as a Subject Matter Expert for the VCM program, processes, and tooling.
• Configure, tune, and maintain vulnerability management tools.
• Work with Security Architecture on new build outs, new business, new technologies, new environments to ensure coverage of VCM programs, processes, and tooling.
• Build out new Security baselines for CIS, DISA STIG, and custom baselines.
• Correlate Vulnerabilities with threat intelligence to assess exploitability and risk.
• Work with Cyber Security Operations Center to ensure mitigations are in place while vulnerabilities are being remediated.
• Provide detailed risk assessments for discovered vulnerabilities.
• Enforce remediation timelines in accordance with Standard Operating Procedures.
• Collaborate with IT and DevOps teams to ensure timely remediation of vulnerabilities.
• Conduct regular and ad-hoc vulnerability scans using tools like Wiz or Tenable.
• Integrate tools with all cloud environments.
• Ensure complete coverage of all IT environments.
• Ensure alignment with internal security policies, regulatory requirements (NIST/SOC), and industry best practices.
• Support audits and assessments by providing evidence and documentation.
• Act as a liaison between security, IT, development, and risk teams.
• Provide clear, actionable recommendations tailored to technical and non-technical audiences.
• Mentor Junior Analysts by providing guidance and training to junior members of the VCM team.
• Identify potential gaps in the vulnerability or compliance management programs and propose improvements.
• Develop and maintain Standard Operating Procedures, Frameworks, and Job Aids/HowTos.

Benefits

• performance bonus
• 401k match
• healthcare coverage
• PTO