Job Description ECS is seeking a
Vulnerability Management Lead to work in our
New York City, NY office.
As the Vulnerability Management Lead, you will be responsible for managing vulnerabilities tracking, resolution and escalation. In this role, you will own and manage vulnerability data repository, vulnerability scans, reporting, dashboards, metrics, vulnerability analysis and remediation recommendations.
- Performs vulnerability scans, implementing or overseeing vulnerability assessment, and conduct risk assessment.
- Monitors for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
- Collaborates with IT and security operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.
- Identify clear ownership for remediation tasks and drive cross-functional partners towards timely, effective vulnerability resolution through structured planning and communication.
- Works directly with application owners and system managers to achieve short-term mitigation and progress long-term remediation objectives
- Supports IT operations' responsibility to remediate system and application vulnerabilities.
- Conducts continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
- Owns and drives the Vulnerability Management strategy.
- Generates detailed reports and metrics to track vulnerability assessment findings and remediation progress, providing insights to stakeholders and leadership
- Develops processes, playbooks, and run books for vulnerability management practices.
- Serve as a point of contact for new and existing vulnerability-related issues.
- Able to be on-site 3-days a week.
Salary Range: $140,000 - $165,000
General Description of Benefits
Required Skills - Experience performing vulnerability scans, implementing or overseeing vulnerability assessment, and conducting risk assessments in a large enterprise.
- Highly self-directed problem solver who thrives in ambiguity and requires minimal supervision.
- Able to navigate limited tooling, incomplete information, and operational constraints to design creative, scalable, and incresignly automated solutions that streamline vulnerability management workflows.
- Ability to monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
- Ability to pivot to emerging vulnerabilities and exigent issues that may arise.
- Communicating complex security issues to business owners at their level of knowledge.
- Ability to manage a formal exception process
- Strong written and oral communication skills across varying levels of the organization.
- Well organized with keen attention to detail.
- Capable of maintaining accurate asset inventory
- Comfortable presenting reports to cross functional teams and upper management
- Proficient with commercial and open source vulnerability management solutions.
- Ability to influence technical team and business units and collaborate to reduce attack surface.
- Advanced knowledge of operating systems, applications, infrastructure and cloud computing services.
- Ability to generate detailed reports and metrics to track vulnerability assessment findings and remediation
- Experience developing processes, playbooks, and run books for vulnerability management practices.
- Experience compiling and tracks CIS Benchmark Controls for multiple operating systems across enterprise
- Ability to maintain and create documentation related to vulnerability policies and procedures.
Desired Skills - Ability to build lasting relationships with outside teams.
- Experience with vulnerability management across AWS, Azure or Google Cloud Platform.
- Experience administrating vulnerability management tools such as Tenable or Rapid7
- Preferably one or more certifications, GEVA, GSOC, GCIH, CISSP.
- Bachelor's degree preferred in cybersecurity, computer science, engineering, or related field.
#ECS1
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Never miss an opportunity! Create an alert based on the job you applied for.
