Principal Vulnerability Management Engineer

Software Guidance & Assistance, Inc., (SGA), is searching for a Principal Vulnerability Management Engineer for a RIGHT TO HIRE assignment with one of our premier Healthcare Services clients for a Remote position..

Responsibilities:
The Principal Vulnerability Management Engineer is responsible for managing the identification, assessment, reporting, and mitigation of infrastructure and cloud vulnerabilities. A candidate for this role will have a mindset of a defender and be able to operate in a fast-paced environment working closely with our infrastructure team that includes Network, Firewall, Hypervisors, Servers, and business application teams.

• Serve in a leading role that requires frequent interaction with IT and Infosec managers, engineers and developers, and Sr. Leaders.
• Lead the integration of various vulnerability and configuration related data sources into a common workflow, reporting and operations tool.
• Be the SME expert on vulnerability and configuration reporting and strategic initiatives.
• Provide technical leadership and support to more jr. team members.
• Drive and track remediation initiatives across multiple support teams.
• Assure vulnerability reporting and strategy scale across integrated and non-integrated entities.
• Collaborate with Sr. Leaders on strategic direction and prioritization for vulnerability, configuration, and asset discovery initiatives.

Required Skills:

• Bachelor's degree in Computer Science, Cybersecurity or other related field, or equivalent work experience.
• 10-12 years of combined IT and security work experience with a broad range of exposure to cybersecurity, systems analysis, application development and/or systems administration and 7+ years of vulnerability or configuration management experience.
• Proficient in various vulnerability assessment tools such as Qualys, Armis, Microsoft Defender for Endpoint/Cloud, Axonius.
• Ability to analyze vulnerability metrics using Microsoft Excel advanced techniques.
• Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM), Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OSCP) or other equivalent recognized security certifications.
• Good understanding of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR).
• Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework
• Excellent communication skills: able to explain complex concepts clearly to both technical and non-technical stakeholders.

Preferred Skills:

• Exposure or knowledge of cloud architectures, services, and vulnerabilities.
• Proficiency in using vulnerability scanning tools such as Qualys, Armis, MS Defender, etc.
• Experience with vulnerability and asset discovery consolidation and contextualization tools ( Axonius)
• Reporting and metrics expertise with platforms such as ServiceNow (SecOps), PowerBI, etc.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.