
Security Risk Advisor- Remote at Remote, Remote, USA
Email: [email protected]
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=620142&uid=

From:

Apoorva Aggarwal,

Amtex Systems

[email protected]

Reply to:   [email protected]

Title: Security Risk Advisor 

Location: Remote

Duration:  12+ months.

Must Have:
DevSecOps
Application security
Cloud computing/security (Azure & GCP)
Risk management (GRC)
Vulnerability management
Someone who maybe has been a developer and wants to get into security would be a great profile to go off of, but not a must

Essential Job Duties:
The ability to design scalable vulnerability management solutions across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
Work as a team to consistently learn and share advanced skills and foster team excellence.
Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
Procure and maintain tools and scripts used in asset discovery and vulnerability status.
Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.  
Support internal and external auditors in their duties that focus on compliance and risk reduction.
Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage.
Periodically attend and participate in change management policy discussions and meetings.
Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Perform other duties as assigned.

Skills and Experience:
Experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
At least 5-7+ years of experience in information security administration, vulnerability management or security operations.
Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source.
Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening.
Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.
Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).          
Experience conducting organization-wide vulnerability scanning and remediation processes.
Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface.
Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or International Standards Organization (ISO).
Capable of scripting in Python, Bash, Perl or Power.
Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.

Additional Qualifications:
Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
Self-starter requiring minimal supervision.
Excellence in communicating business risk and remediation requirements from assessments.
Analytical and problem-solving mindset.
Highly organized and efficient.
Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements:

Bachelor's degree in computer science (preferred), information assurance, MIS or related field, or equivalent.

Experience Requirements:
1-3 years of related experience required
3-5 years of related experience required
5-8 years of related experience required
8-10+ years of related experience required

Certification Requirements:

Preferably, one or more of the following: GCED, GCCC, GPEN, GCIH, CISSP or CRISC.

Thanks and Regards

Apoorva Aggarwal

Keywords: golang
12:19 AM 09-Sep-23

