Vulnerability Manager

Job Description

The Vulnerability Manager position is responsible for managing the identification of vulnerabilities in EagleView's on-premise and cloud environment and working with systems owners to remediate findings.

The Vulnerability Manager will convert raw vulnerability reports to actionable and prioritized information to enable engineers to focus on mitigating the highest levels of risk.

As an additional duty, this role will also perform asset management for enterprise assets, combining asset discovery with vulnerability scanning to ensure comprehensive coverage of all assets. This position will serve as a critical member of the Cyber Security Team and will enable EagleView to achieve compliance with on-going assessment programs and reduce risk to company systems and services.

Primary Responsibilities:

- Define and operate a formal Vulnerability Management Program and framework that defines the vulnerability priorities aligned with business criticality
- Establish an agile approach for vulnerability management capability improvements
- Provide risk-based mitigation and remediation recommendations and guidance
- Responsible for researching and analyzing vulnerabilities, identifying relevant threats, and providing risk-based mitigation and remediation recommendations
- Develop and optimize tools and services to provide comprehensive visibility, situational awareness, and response readiness
- Support the implementation of vulnerability management projects
- Refine scan results to identify and resolve any false positive findings, and produce vulnerability reports with actionable and prioritized information for system owners
- Track and report status of vulnerability remediation
- Assist in the development of baseline security configurations for operating systems, applications, and networking equipment
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners and support teams
- Develop baseline asset inventories using endpoint management applications (on-premise assets) and custom databases (cloud assets)
- Identify and maintain owners for systems in the asset inventory

Skills/Requirements

Required Knowledge, Skills and Experience:

- Bachelor's degree in a technology or business-related field (BSc or BBA preferred)
- 5 years of experience in Vulnerability Management
- Advanced understanding of operating system and application security, administration, and debugging
- Advanced understanding of technical information security concepts related to threat landscapes
- Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems (Rapid7 preferred)
- Experience working with asset management systems and databases
- Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills
- Ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations
- Demonstrated ability to recognize, interpret, and communicate vulnerability management information
- Working knowledge of business and risk assessment methodologies/ mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.)
- Very high attention to detail, with strong skills in managing/presenting data and information
- Strong skills in documentation, including policies, standards, processes and procedures

Preferred Knowledge, Skills and Experience:

- Certification such as SANS GIAC, CISA, or CISSP preferred
- SQL database query language, and scripting experience in Python or other commonly used languages