Vulnerability Management Tech Lead - REMOTE WORK - 60058

Vulnerability Management Tech Lead - REMOTE WORK - 60058

We have an immediate long-term opportunity with one of our prime clients for a position of Vulnerability Management Tech Lead to work on remote basis.

Vulnerability Management Technical Lead to join our cybersecurity team and drive our efforts to identify, assess, and remediate vulnerabilities across our cloud environments, including containerized applications.

Job Description :

The Vulnerability Management Tech Lead will be responsible for leading the VM program from a technical standpoint within our multi-cloud and containerized environment.

This role requires deep knowledge of Common Vulnerabilities and Exposures (CVE), misconfigurations, and common ways to exploit vulnerabilities in cloud and third-party software.

The ideal candidate will have the technical expertise to resolve root causes of vulnerabilities and the ability to collaborate optimally with development teams to remediate exposures.

Key Responsibilities :

Vulnerability Identification and Assessment : Use various tools to continuously scan, identify, and assess vulnerabilities across GCP, Azure, On Prem, AWS, and containerized environments.

Infrastructure as Code (IaC) Understand how deployment happens in an IaC environment, understand Github and where vulnerabilities reside and how to mitigate, prevent and remediate them.

CVE Analysis : Stay up-to-date with the latest CVEs and security threats, evaluating their impact on cloud and on prem environments.

How they could be used to exploit and containerized applications.

Container Security : Ensure the security of container images, base images, lambdas, and other entry points for vulnerabilities.

Root Cause Analysis (RCA) : Conduct detailed RCA to resolve underlying issues of identified vulnerabilities and security misconfigurations.

Remediation Planning : Develop and implement remediation plans to address identified vulnerabilities, working closely with development and operations teams to ensure timely resolution.

Security Best Practices : Promote and implement security practices and standards across all cloud and environments that are containerized.

Continuously keeping VM within compliance of security frameworks and standards such as NIST, SOC 1 and 2, ISO, and CIS.

Documentation and Reporting : Maintain detailed documentation of vulnerability findings, remediation efforts, and overall vulnerability management processes.

Provide regular reports to senior management on the state of vulnerabilities and remediation progress.

Teamwork and Training : Collaborate with cross-functional teams, including developers, operations, and IT, to address security concerns.

Provide training and mentorship on secure coding practices, cloud security, and container security.

Continuous Improvement : Continuously improve the VM program by integrating new tools, technologies, gaps in our environment and methodologies to improve security posture.

Qualifications :

Education : Bachelor's or Master's degree in Information Security, Computer Science, or a related field.

Experience : Minimum of 5 years of experience in vulnerability management, cybersecurity, with a focus on containerized environments

Extensive knowledge of CVEs, understanding our vulnerabilities are exploited, and vulnerability assessment tools.

Experience with cloud platforms including GCP, Azure, and AWS.

Proficiency in RCA and remediation planning.

Experience with security compliance and NIST standards

Strong analytical and problem-solving skills.

Excellent written and interpersonal skills.

Ability to work collaboratively with cross-functional teams.

Leadership and project management abilities.

Preferred Qualifications :

Certifications : Certifications such as CISSP, CEH, AWS Certified Security - Specialty, Microsoft Certified : Azure Security Engineer Associate, Google Professional Cloud Security Engineer, or similar.

Development Skills : Experience with programming or scripting languages such as Python, Java, or PowerShell.

Industry Knowledge : Familiarity with DevSecOps practices and tools.

ALL successful candidates for this position are required to work directly for PRIMUS. No agencies please only W-2

For immediate consideration, please contact :

Tanya

PRIMUS Global Services

Direct (972) 200-4514

Desk (972) 753-6500 Ext. 258

Email : [email protected]