Senior Information Security Engineer

Job Title : Sr. Security Engineer

Location : Atlanta, GA (Hybrid 3 Days onsite and 2 Days WFH)

Job Description :

Top skills required :

• SME on Qualys Vulnerability Management solution
• Experience with centralized vulnerability reporting solution (Kenna Security, Vulcan, or similar)
• Experience with risk-based vulnerability management program
• Experience with Qualys Policy Compliance
• Experience with IoT / OT solutions (Armis, Nozomi, or similar)
• 5+ years of experience in Qualys (VMDR), Policy Compliance and Vulnerability Management.
• 2+ years of experience in Kenna Security, Vulcan, or equivalent solution.
• Scripting experience with PowerShell, python, rest API.
• Experience developing reports in MS PowerBI.
• Experience working with IoT / OT technology.
• Working knowledge of cloud environments such as AWS, GCP, and Azure.
• Bachelor’s degree in Information Security, Information Technology or Computer Science.
• Knowledge of vulnerability management, policy compliance, and web application scanning solutions.
• Basic understanding of regulatory structures such as PCI, PII, and GDPR.
• Creative and adaptive work ethic, with a strong customer-oriented attitude.
• Ability to clearly communicate and present to various levels of the organization
• Strong organizational and analytical skills with attention to detail
• Independent and self-motivated and very thorough work ethic
• Ability to identify gaps in process and develop solutions
• Experience crafting tools to improve efficiency performing routine tasks
• Experience with Excel functions and extracting data using multiple criteria
• Understanding of Vulnerability Management holistically as a program

Responsibilities :

• Building and growing a next-generation vulnerability management program
• Providing remediation guidance and recommendations and coordinate with the Technology organization, IT and other teams as needed to provide oversight to the remediation and / or mitigation of enterprise vulnerabilities.
• Evaluate and deploy vulnerability reporting solution to aggregate and centralize all infrastructure, application, and container vulnerabilities.
• Extensive Windows, Mac, and Linux experience and common configuration deficiencies
• Thorough understanding of desktop, server, application, database, and network security hardening principles and practices for threat prevention
• Develop vulnerability reports and scorecards that define the current state of the corporate network security risk posture.
• Perform research and analysis of scheduled and on demand vulnerability assessments and post results.
• Research exploit techniques and mitigation strategies.
• Perform analysis of asset and vulnerability information to identify risks that were not discovered via automated scanning
• Troubleshoot issues that may occur during automated network scanning, and or agent scans.
• Review public and private vulnerability notifications / disclosures, consume research findings and prioritize remediation efforts.
• Integrate vulnerability management tools with other systems, such as CMDB, SIEM, and Archer, PowerBI.
• Assist with implementing policy compliance tools to monitor compliance against CIS and other industry related benchmarks.
• Assist with implementation of IoT and OT security solution to discover and secure unmanaged assets.
• Develop rules to identify non-compliant resources in our cloud environments and create automations to remediate the non-compliant resources.
30+ days ago