Sr. Vulnerability Management Engineer

About The Position

Requirements

• Bachelor’s degree in information systems, information security, computer science, engineering or similar technical field of study and 4+ years of professional experience in information security, networking and/or systems administration; OR 5+ years of professional experience in information security in lieu of a degree.
• 4+ years of experience designing, building, implementing, and/or maintaining vulnerability and configuration management technologies in an enterprise level environment.
• Experience with Linux, Windows, and Mac system internals and configuration management tools.

Nice To Haves

• Experience with Tenable on-premise and cloud products such as Tenable or other Vulnerability Assessment Tools.
• Experience with auditing security controls against standards such as CIS, MSCT, & DISA STIGs.
• Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems.
• Experience in analyzing & validating vulnerabilities to most effectively prioritize the most critical vulnerabilities to a given environment.
• Experience in PCI DSS security assessments.
• Experience with a programming or scripting language, such as Python or PowerShell.
• Experience in controlled penetration testing to validate vulnerability findings.
• Familiarity with J-Frog Artifactory / X-ray.
• Ability to interface with vendors to diagnose and troubleshoot problems, as well as consult on architectural design and configuration changes.

Responsibilities

• Lead and champion efforts to define, implement, and enforce processes, policies, and procedures for vulnerability remediation, external attack surface management, and compliance policy scanning.
• Track open vulnerabilities and issues from identification to resolution, following up with remediation owners, enforcing Plans of Action & Milestones (POA&Ms), and escalating risks as necessary.
• Serve as a vulnerability management SME across multiple areas, including Microsoft platforms, open systems, virtualization, networking, databases, cloud environments, public/private-facing services, and the SpaceX network stack.
• Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits.
• Identify and recommend measures to manage and remediate vulnerabilities or security exposures, reducing potential impacts on information resources to levels acceptable to senior management.
• Partner with security and IT professionals to assess vulnerability impacts specific to the SpaceX environment and implement mitigating controls.
• Act as a leader in vulnerability management and information security by broadening awareness and use of the team's services, educating on security best practices, and integrating with other business areas.
• Conduct manual testing and/or work closely with red-teams to confirm vulnerabilities and exploits using offensive-security tools.
• Assist with the implementation, management, and maintenance of vulnerability management and external attack surface platforms/tools.
• Configure integrations between vulnerability management/external attack surface tools and issue tracking systems.
• Develop scripts and automated mechanisms to streamline manual processes for gathering and consolidating information.
• Configure and maintain custom compliance policy scanning rulesets based on CIS benchmarks.
• Develop and improve KPIs, metrics, and trending for vulnerability management functions.

Benefits

• Pay range: $168,000.00 - $230,000.00/per year.
• Long-term incentives, in the form of company stock, stock options, or long-term cash awards.
• Potential discretionary bonuses.
• Ability to purchase additional stock at a discount through an Employee Stock Purchase Plan.
• Comprehensive medical, vision, and dental coverage.
• Access to a 401(k) retirement plan.
• Short and long-term disability insurance.
• Life insurance.
• Paid parental leave.
• Various other discounts and perks.
• 3 weeks of paid vacation.
• 10 or more paid holidays per year.
• Paid sick leave.