Skip to main content
Technology Mast

Vulnerability Management Engineer

The Vulnerability Management Engineer will be responsible for the proactive monitoring of enterprise security and risk posture of production systems and infrastructure, while identifying anomalies for further investigation. This role requires a strong understanding of the following facets of information security: security engineering, security architecture, application security, infrastructure security, security event monitoring, intrusion prevention and incident response.  This role is a subject matter expert is specific technology areas.

Responsibilities:

  • Lead, implement and/or support solutions that comply with Assurant Information Security Policies and Standards.
  • Supports technologies related to applications, infrastructure, and end-point security and provide guidance to security engineers and analyst.
  • Knowledge of various operating systems (e.g. Windows, Linux, etc.) and networking technologies commonly deployed to enterprise networks and accompanying vulnerabilities
  • Extensive knowledge in cloud computing and the  Qualys Cloud Computing platform
  • Implement/manage Qualys agents
  • Define scan policies and audit policies, manage scan credentials, schedule scans, generate Scan Reports, analyze, and validate scan results
  • Develop/Configure and Monitor dashboards
  • Develop Qualys compliance audit scans, reports, and associated evidence to achieve PCI, SOC, SOX compliance
  • Perform data clean up and configuration of scan jobs, asset groups, dashboards, data repositories, and reports in the Qualys platform
  • Run ad-hoc scans, queries, and reports within Qualys
  • Perform vulnerability, configuration, and compliance assessments
  • Identify and fix problems with scans (such as incorrect credentials, firewall blocks, and failed scans)
  • Validate and maintain asset lists for scans
  • Develop custom reports
  • Develop new or updated compliance audit files
  • Compile scan data for IT priority remediation and executive status presentation
  • Create and maintain documentation of IT security procedures, processes, configurations, and diagrams
  • Identify security vulnerabilities and prioritize remediation to reduce residual risk
  • Verify that systems, networks, and infrastructure meet baseline security standards as defined by the industry
  • Automate the creation and delivery of routine scans
  • Support security policies and procedures by recommending steps for the IT team to take, to achieve a more secure environment
  • Conduct research to keep abreast of latest security issues to anticipate incidents and reduce their likelihood
  • Design, create, and maintain Service Now vulnerability management processes integrated with the Qualys platform
  • Design, develop, and support automated processes using PowerShell and Cloud Service Provider Automation
  • Participates in the measurement and reporting of compliance activities with approved information security policies and standards to management.
  • Participates in the gathering of information security metrics on a monthly, quarterly, and yearly basis.
  • Maintain strong knowledge of information security management industry practices and regulatory requirements as well as technology-based security solutions.
  • Support existing and emerging security infrastructures, frameworks, methodologies, and platforms.
  • Lead in the testing of security solutions and reporting observations to reporting management.
  • Participate and recommend gap remediate efforts regarding Information Security.
  • Strongly support the incident response process as required.
  • Provide support for mergers, acquisitions, and divestitures.
  • Provide senior level technical support for security initiatives involving security infrastructures, frameworks, methodologies, and/or platforms.
  • Provide mentorship for Security Engineers and Analysts.
  • Educate peers, security personnel, and other security staff about security infrastructures, frameworks, methodologies, and/or platforms.
  • Support information security implementations & promote Information Security policy enforcement throughout Assurant.
  • Provide advanced security engineering recommendations and guidance to security leaders and stakeholders.
  • Support and advice on gap remediation efforts as directed by security leaders.
  • Assist with investigating the potential impact of technologies and communicate findings to security leaders.
  • Engineer complex technology platforms and infrastructures in alignment with Assurant security standards and strategic roadmaps.
  • Develop detailed secure standards, requirements, diagrams, and/or documents for security infrastructures, frameworks, methodologies, and/or platforms needs.
  • Review advanced technical solutions and make recommendations in alignment with Assurant security requirements.
  • Collaborate with various security teams on infrastructures, frameworks, methodologies, and/or platforms needs.

Basic Qualifications:

  • 5 (or more) years of experience in the field of IT, information security, security engineering, security event monitoring, incident response, eDiscovery forensic, infrastructure administration, compliance, security administration, audit and/or risk
  • 5+ years of experience on managing projects
  • Bachelor’s degree in Information Systems, Business Management, Computer Science, Engineering, Accounting, Finance or Audit is preferred
  • Professional certification(s) (CISSP, GEVA,)
  • Must have a broad range of exposure to all aspects of system maintenance, lifecycle management, technical support, systems analysis, risk management, application development and change management.
  • Knowledge of incident management and patching processes
  • Ability to work independently and take ownership or assigned tasks
  • Excellent communication and troubleshooting skills
  • 2-4 years experience in cyber security vulnerability management job roles and responsibilities
  • Developing quality and meaningful deliverables that suit specific company and management needs

Preferred Qualifications:

  • Proven leadership skills.
  • Excellent written and verbal communications.
  • Ability to manage and lead multiple and complex priorities.
  • Solid understanding of the follow areas:  information security, security engineering, security architecture, system administration, IT support, compliance, audit, risk management, and change management.
  • Expert knowledge of Security Infrastructure controls (networks, server, and end user computing devices) system administration, and business continuity planning and practices.
  • Expert knowledge of the information security engineering and system lifecycle support.
  • Advanced application and infrastructure security experience (i.e. Anti-virus, firewalls, cryptographic management (PKI), network protocols, filtering, etc).
  • Advanced experience with security tools used to find security vulnerabilities (i.e. web, OS, infrastructure).
  • Strong experience with incident response.
  • Strong knowledge of programing languages used to automate and/or enhance security process such Lua, Perl, Java, XML, HTML, and others.
  • Solid understanding of operating system internals, networks, applications, databases, and cloud technologies.
  • Strong knowledge of relevant security standards (NIST, ISO, etc) and ability to align them to secure engineering designs.
  • Strong knowledge of technologies that support including, but not limited to:
    • Authentication and authorization
    • Identity and Access Management
    • Networking
    • Web technologies
    • Application servers
    • Database Management Systems
    • Web Application Firewalls
    • Web services
    • End-Point Security
    • Data Loss Prevention
    • Forensics’ tools
  • Strong knowledge of security investigations and forensics
  • Familiarity with legal, regulatory and industry security requirements and frameworks.  Including, but not limited to the following:
    • International Organization for Standards (ISO/IEC 27001)
    • Payment Card Industry – Data Security Standards (PCI – DSS)
    • Health Insurance Portability and Accountability Act (HIPAA) and HITRUST; HITECH

Join our talent community

Get discovered. Introduce yourself, and we'll get in touch if there's a role that seems like a good match.

Join Now