Job Description
City:Burbank/ Orlando/ Seattle/ New York/ Bristol
Onsite/ Hybrid/ Remote: Onsite
Duration:12 months
Rate Range: $69/hr to $78/hour on W2 depending on experience (no C2C or 1099 or sub-contract)
Work Authorization: US Citizens or GC candidates only
Top Skills:
-Needs someone customer service focused with an Information Security Program
Working with a team of 11 people
-Going through vulnerability results
-Reporting validation to ensure vulnerability is valid
-Validation after remediation
• Program Support: Enable execution of vulnerability management program through meeting facilitation, activity measurement, partner engagement, and program education
• Vulnerability Validation: Validate remediation for prioritized vulnerabilities, verify false positives, remediation barrier analysis and facilitate problem-solving
• Continuous Improvement: Identify and execute on improvement and expansion opportunities for enterprise vulnerability management services
• Reporting: Vulnerability management program effectiveness and efficiency and perform targeted historical analysis
• CISSP – Certified Information Systems Security Professional-preferred but not required
Job Description:
The Global Information Security (GIS) group provides services and solutions to protect the value and use of company’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.
• Provide operational support for security initiatives through the application of automation to vulnerability management processes.
• Lead special projects as demanded by industry developments such as authoring methods of vulnerability detection.
• Introduce new technologies to support process improvement and efficiency gains to EVM services.
• Lead remediation campaigns for critical vulnerability remediation.
• Serve as a point of contact for technical issues for EVM supporting technologies.
• Coordinate and facilitate team training activities to enhance team skills and capabilities
• Validate vulnerabilities remediated, including verification of ability to verify false positives
• Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and recommend corrective measures
• Support execution of vulnerability management program through meeting facilitation, activity measurement, customer engagement, and program education
• Identify and execute on continuous improvement and expansion opportunities for enterprise vulnerability management services
• Perform data analysis of diverse and historical data sets in support of vulnerability management project and program decisions.
• Evangelize the vulnerability management program and facilitate customer collaboration for program improvement
Basic Qualifications:
1. Analysis of known and emerging threats to determine risks against assets
2. Creation, maintenance, governance and communication of security policies and standards across
3. Assessment and audit of compliance against the security policies and standards
4. Assurance that assets are effectively managed and monitored to meet security criteria
We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are
continuous learners, passionate about information security and love their work.
• Manage end-to-end Enterprise Vulnerability Management (EVM) process with a focus on the segment
• Monitor and track results of vulnerability detection tooling and research remediation actions
• Validate in place mitigations for effectiveness for risk reduction
• Act as Change Manager per segment process to ensure mitigation/remediation actions are tested, validated, and approved per business process
• Perform hands on validation through manual testing techniques
• Author scripts to perform automated vulnerability validation to ensure that remediation resources are priotized effectively
• Analyze and understand segment capabilities and ensure that minimum vulnerability controls are adhered to in the most efficient manner
• Perform data analysis of vulnerability tooling output to determine where to focus remediation resources
• Prepare weekly vulnerability reporting and meet with asset owners to prioritize remediation resources
• Ensure the accuracy/completeness of Segment data in appropriate systems of record
• Coordinate EVM remediation actions across multiple Asset Owners, operating systems, applications, technologies, and Business Units / Segments
• Operate as liaison between segment Asset Owners and Management for extension and exception requests
• Coordinate Continual Service Improvement efforts by analyzing trends of non-compliance, determine root cause analysis and influence corrective actions
• Coordinate critical vulnerability patch process
• Assist in off-cycle remediation efforts (e.g. PCI penetration test remediation)
• Communicate process changes or improvements to responsible areas of the business segment
• Partner with suppliers, support groups, and Asset Owners to review and establish expectations with handling vulnerability remediation actions, process awareness, process training, and performance of respective segment
• Report on effectiveness and non-compliance in regards to program and remediation efforts
• Proactivly brief segment security leadership on risk and escalate when necessary
• Project management of segment vulnerability management projects
• Validate vulnerabilities remediated through manual testing, including verification of ability to verify false positives
• Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and recommend corrective measures
• Support execution of segment vulnerability management program through meeting facilitation, activity measurement, customer engagement, and program education
• Identify and execute on continuous improvement and expansion opportunities for segment vulnerability management services
• Perform data analysis of diverse and historical data sets in support of vulnerability management project and program decisions
• Evangelize the vulnerability management program and facilitate customer collaboration for program improvement
• Foster and enhance segment relationships by establishing a robust Segment Community of Practice program to keep partners engaged and on track for success
Preferred Qualifications:
• An understanding of systems and related interfaces to assess proposed system remediation actions and weigh potential impact to applications
• A background in information security disciplines and vulnerability management
• Broad knowledge of infrastructure, operating system, public cloud hosting services, and application technologies
• Ability to quickly perform in-depth analysis across diverse technologies implemented in a complex environment
• Familiarity with writing and publishing information security advisories