Job description

**Job Summary** As a member of the Cyber Security team, the Cyber Security Senior Engineer for Vulnerability Management will be responsible for developing, implementing, and operating vulnerability management solutions to identify, classify, and report existing and emerging vulnerabilities detected in enterprise infrastructure. The Senior Engineer will operate within the existing exposure management team as an expert in vulnerability management, ensuring sound practices while designing, growing, and maintaining the vulnerability management program, contributing to vulnerability identification and remediation methodologies, supporting penetration testing practices, report generation, and more. The Senior Engineer will be responsible for seeking out and reporting on vulnerability discoveries and classifications of new vulnerabilities as well as partnering with Threat Intelligence to incorporate current threat activity into risk prioritization. The Senior Engineer will work directly with other security and information technology team members to develop plans for reporting and remediation of vulnerabilities across all operating systems and applications in the enterprise. • *Essential Duties and Responsibilities** + Develop, implement, and operate vulnerability management solutions to identify, classify, and report existing and emerging vulnerabilities in enterprise infrastructure including application and multi-cloud technologies. + Serve as the subject matter expert in vulnerability management within the exposure management team, contributing to the development, engineering, and maintenance of the vulnerability management program. + Apply industry best practices and standards to vulnerability identification and remediation methodologies, penetration testing practices, and report generation. + Stay up to date on the latest vulnerability discoveries and classifications, and proactively assess and report their potential impact on the organization's systems and applications. + Collaborate with security and IT team members to develop comprehensive plans for reporting and remediation of vulnerabilities across all operating systems, cloud computing systems, and applications in the enterprise. + Conduct regular vulnerability assessments, utilizing automated tools and manual techniques to ensure thorough coverage and accuracy. + Analyze vulnerability assessment results and provide recommendations for prioritizing and remediating vulnerabilities based on risk and impact. + Collaborate with the Threat Intelligence and Incident Response teams to correlate emerging threats with exposure data. + Contribute to the development and maintenance of vulnerability management policies, procedures, and documentation. + Provide guidance and support to junior team members, fostering knowledge sharing and professional growth within the vulnerability management team. + Develop and present metrics, dashboards, and executive reports related to vulnerability trends, SLA compliance and risk posture. + Business and Soft Skill expectations: + Communicate and interact effectively and professionally with co-workers, management, customers, etc. + Maintain complete confidentiality of company business. + Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. • *Education** + H.S. Diploma or GED required + Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience preferred • *Required Experience** + Duration: + 3+ years of IT or information security, and + 2+ years of vulnerability management + Activities: + Practical experience with designing and implementing technologies related to vulnerability management including vulnerability scanning, penetration testing, and configuration management + Served as expert thought leader for vulnerability management technologies and influenced the strategy for remediation + Worked in process-driven structured environments and participated in process optimization activities. + Competencies: + In-depth knowledge of CVEs, CVSS, threat modeling, and vulnerability scanning technologies. + Familiarity with industry frameworks and standards such as NIST, CIS, and CVSS. + Strong understanding of operating systems, network protocols, and web applications. + Hands-on experience with vulnerability scanning and assessment tools (e.g., Nessus, Qualys, OpenVAS). + Excellent analytical and problem-solving skills, with the ability to prioritize and address vulnerabilities based on risk. + Strong communication and collaboration skills to work effectively with cross-functional teams. + Relevant certifications such as CISSP, CISA, or GIAC certifications are a plus. + Commitment to continuous learning and staying updated on the latest trends and threats in the field of vulnerability management. + Strong understand of lifecycle management principles and their application to the remediation of cybersecurity vulnerabilities + Effective communication of technical concepts to a non-technical audience + Excellent written and verbal communication skills • *Preferred Experience** + 3+ years of vulnerability management • *Computer Skills Required** ● Productivity suite software required ● Python, Powershell, Microsoft SQL, industry standard vulnerability scanning software, and various other cybersecurity tools preferred • *Licenses and Certifications** + SANS Certifications, GIAC Certifications, EC Council CEH preferred • *Physical Demands** In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below: + The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity. + The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions. + The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work. Equal Employment Opportunity This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment; Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources. • *Job Summary** As a member of the Cyber Security team, the Cyber Security Senior Engineer for Vulnerability Management will be responsible for developing, implementing, and operating vulnerability management solutions to identify, classify, and report existing and emerging vulnerabilities detected in enterprise infrastructure. The Senior Engineer will operate within the existing exposure management team as an expert in vulnerability management, ensuring sound practices while designing, growing, and maintaining the vulnerability management program, contributing to vulnerability identification and remediation methodologies, supporting penetration testing practices, report generation, and more. The Senior Engineer will be responsible for seeking out and reporting on vulnerability discoveries and classifications of new vulnerabilities as well as partnering with Threat Intelligence to incorporate current threat activity into risk prioritization. The Senior Engineer will work directly with other security and information technology team members to develop plans for reporting and remediation of vulnerabilities across all operating systems and applications in the enterprise. • *Essential Duties and Responsibilities** + Develop, implement, and operate vulnerability management solutions to identify, classify, and report existing and emerging vulnerabilities in enterprise infrastructure including application and multi-cloud technologies. + Serve as the subject matter expert in vulnerability management within the exposure management team, contributing to the development, engineering, and maintenance of the vulnerability management program. + Apply industry best practices and standards to vulnerability identification and remediation methodologies, penetration testing practices, and report generation. + Stay up to date on the latest vulnerability discoveries and classifications, and proactively assess and report their potential impact on the organization's systems and applications. + Collaborate with security and IT team members to develop comprehensive plans for reporting and remediation of vulnerabilities across all operating systems, cloud computing systems, and applications in the enterprise. + Conduct regular vulnerability assessments, utilizing automated tools and manual techniques to ensure thorough coverage and accuracy. + Analyze vulnerability assessment results and provide recommendations for prioritizing and remediating vulnerabilities based on risk and impact. + Collaborate with the Threat Intelligence and Incident Response teams to correlate emerging threats with exposure data. + Contribute to the development and maintenance of vulnerability management policies, procedures, and documentation. + Provide guidance and support to junior team members, fostering knowledge sharing and professional growth within the vulnerability management team. + Develop and present metrics, dashboards, and executive reports related to vulnerability trends, SLA compliance and risk posture. + Business and Soft Skill expectations: + Communicate and interact effectively and professionally with co-workers, management, customers, etc. + Maintain complete confidentiality of company business. + Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. • *Education** + H.S. Diploma or GED required + Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience preferred • *Required Experience** + Duration: + 3+ years of IT or information security, and + 2+ years of vulnerability management + Activities: + Practical experience with designing and implementing technologies related to vulnerability management including vulnerability scanning, penetration testing, and configuration management + Served as expert thought leader for vulnerability management technologies and influenced the strategy for remediation + Worked in process-driven structured environments and participated in process optimization activities. + Competencies: + In-depth knowledge of CVEs, CVSS, threat modeling, and vulnerability scanning technologies. + Familiarity with industry frameworks and standards such as NIST, CIS, and CVSS. + Strong understanding of operating systems, network protocols, and web applications. + Hands-on experience with vulnerability scanning and assessment tools (e.g., Nessus, Qualys, OpenVAS). + Excellent analytical and problem-solving skills, with the ability to prioritize and address vulnerabilities based on risk. + Strong communication and collaboration skills to work effectively with cross-functional teams. + Relevant certifications such as CISSP, CISA, or GIAC certifications are a plus. + Commitment to continuous learning and staying updated on the latest trends and threats in the field of vulnerability management. + Strong understand of lifecycle management principles and their application to the remediation of cybersecurity vulnerabilities + Effective communication of technical concepts to a non-technical audience + Excellent written and verbal communication skills • *Preferred Experience** + 3+ years of vulnerability management • *Computer Skills Required** ● Productivity suite software required ● Python, Powershell, Microsoft SQL, industry standard vulnerability scanning software, and various other cybersecurity tools preferred • *Licenses and Certifications** + SANS Certifications, GIAC Certifications, EC Council CEH preferred • *Physical Demands** In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below: + The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity. + The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions. + The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work. Equal Employment Opportunity This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment; Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources.

Requirements