Job Summary

As the Manager of Vulnerability Management you will paly a key role in the success of the vulnerability and configuration management program by identifying security risks, prioritizing actions based on intelligence-driven processes, and proactively responding to emerging threats. This role will be the face of the program and will oversee a managed service provider that performs the day-to-day functions of the vulnerability and configuration management program.

Responsibilities:

• Provide oversight and direction to managed service provider to work on vulnerability and configuration scans, analysis, and reporting to support the organization.
• Develop strategy for a risk-based vulnerability management program for the organization.
• Collaborate closely with cross-functional teams to facilitate the timely remediation of vulnerabilities and misconfigurations, with a strong focus on effectiveness and risk management.
• Partner with Cyber Threat Intelligence, the Cybersecurity Incident Response team, and technology remediation groups to deliver shared outcomes that measurably improve our efficacy to detect and remediate vulnerabilities.
• Determine tools and resources needed to support the organization's need to identify and prioritize vulnerability and configuration deficiencies.
• Establish organization secure configuration standards across operating systems, applications, and devices.

Ideal Candidates Will Have Experience:

• Managing a team or Managed Service Provider
• Vulnerability and configuration management within healthcare environment
• Using ServiceNow Vulnerability Response module
• Contributing or developing polices or standards

BENEFITS

Our competitive benefits package includes the following

• Immediate eligibility for health and welfare benefits
• 401(k) savings plan with dollar-for-dollar match up to 5%
• Tuition Reimbursement
• PTO accrual beginning Day 1

Note: Benefits may vary based upon position type and/or level

Preferred Certifications:

• Certified Information Systems Professional (CISSP)
• Certified Information Security Manager (CISM)
• CompTIA Advanced Security Practitioner (CASP+)

Preferred Qualifications

• BS Degree in computer science, computer engineering, software engineering, cybersecurity or related technical degree
  • or 5 years equivalent technology experience
• 5+ years' experience in information security in an enterprise environment
• 3+ years' experience assessing and implementing vulnerability management tools, vulnerability scan configurations, vulnerability reporting, and vulnerability remediation in an enterprise environment.
• Knowledge of common software, operating systems vulnerabilities, Unix/Lenux
• Strong experience with Vulnerability Management Platforms such as Tenable, Qualys, Rapid7, in a large corporate environment.
• Experience with Center for Internet Security (CIS) benchmarks for secure configurations.
• Understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and vulnerability risk.
• Experience with controls or frameworks such as NIST 800-53, NIST CSF, CIS, MITRE ATT&CK
• Strong experience in reading and understanding vulnerability scans
• Experience creating and running authenticated and unauthenticated scans
• Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
• Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization

Minimum Qualifications

• EDUCATION - Bachelor's or 4 years of work experience above the minimum qualification
• EXPERIENCE - 5 Years of Experience