Vulnerability Engineer

Hagerty
Hybrid

About The Position

As a Vulnerability Engineer I, you'll play a hands-on role in protecting the organization by identifying, assessing, and helping remediate security vulnerabilities across systems, applications, and networks. Day-to-day, you'll run and interpret vulnerability scans, support penetration testing efforts, classify findings by severity and business risk, and track remediation efforts in internal systems. You'll coordinate with engineering teams to deploy patches and software updates, triage submissions from bug bounty programs to ensure valid vulnerabilities are actioned, contribute to internal audits, prepare vulnerability reports for leadership, and help maintain continuous compliance with security policies. Beyond the technical work, you'll be an active member of a collaborative team — participating in team ceremonies, asking questions, supporting on-call rotations, and continuously sharpening your skills across the vulnerability management lifecycle. This is a role for someone eager to grow, comfortable working cross-functionally, and motivated to make a real impact on the organization's security posture from day one.

Requirements

  • Completed some professional training (e.g., college, bootcamps) in cybersecurity or a related field.
  • Comfortable working and engaging with a wide range of engineering teams across the organization.
  • Eager to deeply learn, both independently and with help, our technologies and patterns such as:
      • Vulnerability Scanning Tools: Rapid7 IVM, Orca, Snyk, StackHawk, etc.
      • Security Protocols: SAML, OAuth 2, OIDC, LDAP, Kerberos, HTTP/S
      • Threat Intelligence: Understanding and integrating threat intelligence feeds to identify emerging vulnerabilities.
      • Penetration Testing: Assisting in planning and executing penetration tests and analyzing results.
      • Security Controls: Validating and implementing security controls to mitigate identified vulnerabilities.
      • Secure Coding Practices: Promoting and implementing secure coding practices to address application vulnerabilities.
  • Able to clearly communicate your thoughts and actively listen to and integrate the thoughts and comments of others.

Nice To Haves

  • Familiarity with public company requirements, including Sarbanes-Oxley and key regulations, if applicable.
  • For SOX-compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations, including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.

Responsibilities

  • Conduct regular scans using tools (e.g., Rapid7 IVM, Orca, Snyk, StackHawk) to identify weaknesses in systems, applications, and networks, and interpret scan results to identify and validate vulnerabilities to be ingested into the vulnerability management process.
  • Analyze vulnerabilities based on context, such as asset criticality, exposure, exploitability and overall risk impact to classify them by severity (e.g., critical, high, medium, low).
  • Document vulnerability findings and remediation efforts in tracking systems (e.g., Azure DevOps, ServiceNow).
  • Prepare and maintain vulnerability management reports for leadership and other stakeholders.
  • Research and provide recommendations for remediation or mitigation strategies.
  • Assist with the patch management process by identifying missing patches or outdated software versions.
  • Coordinate with teams to deploy security patches, software/firmware updates, and code changes.
  • Assess the risk of vulnerabilities in the context of business operations and assist in the prioritization of remediation efforts.
  • Stay up to date with the latest cybersecurity threats, vulnerabilities, and patching trends.
  • Oversee and coordinate penetration testing efforts to identify and address security vulnerabilities in systems, applications, and networks.
  • Validate and triage submissions received via the bug bounty program or other team communication tools, ensuring valid vulnerabilities are ingested into the vulnerability management process.
  • Participate in internal audits, vulnerability assessments, and security best practice reviews.
  • Implement and manage continuous control testing to ensure ongoing compliance with security policies and standards.
  • Develop a working understanding of your team’s products – their purpose and their capabilities.
  • Understand how your assigned tasks relate to the goals your team is working to deliver.
  • Actively practice troubleshooting and participate in the on-call support rotation for the team’s production services.
  • Comprehend and monitor the programs’ key operational metrics and understand how your work relates to them.
  • Carefully research and deliberately practice the tools used throughout the vulnerability management lifecycle, including vulnerability scanning tools, patch management systems, and security information and event management (SIEM) tools.
  • Learn to recognize vulnerability complexity and methods for simplifying remediation efforts.
  • Learn and apply practices such as risk assessment and mitigation strategies with a special focus on the concepts of asset criticality and exploitability.
  • Introspect on, and seek feedback on, your current communication and behavioral patterns and actively and continually work to improve them.
  • Be an active participant in all team activities: team ceremonies, banter, troubleshooting, design discussions, work breakdowns, etc.
  • Ask for explanations on concepts, vulnerabilities, and discussions you don’t understand.
  • Ask for help in a timely manner.
  • Actively listen.

Benefits

  • Comprehensive benefits
  • Perks that set us apart

What This Job Offers

  • Job Type: Full-time
  • Career Level: Entry Level
  • Education Level: No Education Listed
  • Number of Employees: 501-1,000 employees

© 2026 Teal Labs, Inc