Lead Vulnerabilities Cyber Security Engineer

*We are unable to sponsor for this permanent Remote role*

*Position is bonus eligible*

Prestigious Enterprise Company is currently seeking a Lead Vulnerabilities Cyber Security Engineer. Candidate will be responsible for the planning, development, and implementation of enterprise vulnerability management solutions to address the business's current and emerging security needs. This role requires the proactive identification and solutioning of some of the most complex enterprise–scale vulnerability management and information security problems. The Expert Cyber Risk Management Engineer will assist in proactively designing, implementing, and maintaining a world–class vulnerability management program. Critical needs include strategic planning, capability assessment, process development and refinement, technology capability analysis, and process support tool implementation, configuration, continuous improvement, and maintenance.

Responsibilities:

• Vulnerability Management Strategic Planning, Design & Implementation
• Performs vulnerability management capability assessments, process development and refinement activities, technology capability assessments, and solution design and implementation projects that ensure the security of the enterprise environment.
• Leads strategic planning activities informed by capability assessments which holistically address current and future maturity states of vulnerability management capabilities. Builds strong narratives to drive decision–making and educates leadership stakeholders on proposed plans.
• Serves as a security expert in vulnerability management solutioning, including vulnerability identification, assessment, and validation for CI/CD pipelines, cloud environments, and infrastructure.
• Engages with enterprise architects, security specialists, technology engineers, and other functional area specialists to ensure that enterprise technologies and security solutions are correctly configured and deployed to sufficiently mitigate identified risks and meet requirements for the enterprise, customers, partners, and vendors.
• Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, and technical capability requirements.

• Creates and maintains a view of IT assets, related attack surfaces, and emerging vulnerabilities to illustrate the flow of data and associated security threats.
• Manages the entire life cycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
• Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
• Serves as an expert in platform, application, storage, network, virtualization, cloud, and mobile security best practices.
• Develops leadership–level communications, including board of director and executive metrics, business cases, standards, policies, procedures, architecture design documents, etc.
• Communicates and interacts effectively with leadership, management, co–workers, internal and external customers, and partners. Communicates strategic planning narratives and design and implementation plans to technical and non–technical audiences.
• Focuses on building stakeholder partnerships and offers support to other contributors in the information technology organization.
• Educates, coaches, and mentors junior members of the team, and expands the team's overall skillsets.

Qualifications

• 8+ years of combined hands–on cybersecurity and vulnerability management development and implementation work. Experience with a broad exposure to cloud, infrastructure, network, and multi–platform environments.
• 2+ years of experience in cybersecurity solution engineering or security service delivery.
• 2+ years of leadership experience with planning and managing cybersecurity implementations and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large–scale vulnerability management capability development projects.

• A strong, complete, and working understanding of Microsoft Azure cloud and foundational cloud concepts.
• A robust understanding of contemporary security theory and application (including the vulnerability life cycle and scanning methodologies (SAST, DAST, IAST, RASP) exploitation techniques and attack vectors).
• Strong understanding of systems development life cycle to lead multifunctional projects or initiatives.
• Excellent written and verbal communication skills (including technical writing).
• Must be able to communicate technical concepts to technical and non–technical audiences effectively and must communicate well with people in various positions, roles, and levels
• Ability to develop executive communications and interact with senior leadership.
• Strong strategic planning, maturity assessment, analytical and problem–solving skills; ability to examine issues both strategically and analytically.

Preferred Skills:

• A strong, complete, and working understanding of key programming languages and frameworks (eg, Java, Python, JSP, PHP, Node.js, etc.)
• Externally recognized information security industry thought leadership and innovation accomplishments.
• Foundational knowledge of data analytics and visualization tools (eg, Splunk, Tableau).
• Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.