Vulnerability Management Leader / Architect
Job Id : 26367
Location : Herndon, VA
Company Name : QData
Job Type : Contract
Industry : Information Technology
Salary : $55 - $60 per hour
No. of Positions : 1
Required Skills : Vulnerability Management Leader / Architect
Benefits : No benefits are available
Job Description :
- The ideal candidate will possess a strong technical and security background with an emphasis on supporting enterprise security applications and services; mainly identifying, managing, and reducing vulnerabilities.
- The Vulnerability Management Lead/Architect is responsible for recommending mitigations against common vulnerabilities and managing the enterprise CISO Vulnerability Management Program. The lead is also responsible for overseeing the distribution of alerts and bulletins to the stakeholders, and continually identifying and implementing measurable and proactive processes that secure OS’, applications, and HW patch management. He / She will work within a fast-paced, Agile environment collaborating with cybersecurity architects and technology teams across IBM CISO and business units to implement and support next-generation security solutions.
- This role necessarily deals with highly confidential and sensitive information, and the role is expected to conform to the best handling practices.
- Lead for vulnerability management includes but not limited to:
- Vulnerability Identification (including awareness of current vulnerabilities and patches) Define the strategy and roadmap for entire organization
- Develop process, playbooks, run-books and more documentation
- Translate threat Intel into specific actions as pertains to vulnerabilities.
- Risk bases analysis and prioritization by leveraging AI/ML where applicable Driving remediation, patching including developing best practices; effective communicate/coordinate the remediation efforts with all the key stakeholders
- Coordinate with Business Units leaders or key stakeholders in the organization
- Coordinate with other CISO leaders
- Escalate risks, report progress to executives and Incident Response Teams when needed
- Effective in leading teams to accomplish program objectives. Strong verbal and written communication skills required.
- Excellent overall understanding of cybersecurity vulnerabilities and threats to include identification and patching
- Experience conducting all-source analysis, managing and tracking analytic production
- Recommend and support remediation activities associated with any discovered vulnerability in accordance with IBM Standards.
- Oversees, evaluates and matures the intelligence of data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within the IBM environments (on-premise and cloud) for the purposes of mitigating threats. Ensure vulnerabilities are identified as early as possible and mitigated.
- 10+ years of professional work experience with leading and managing the technical aspects of network, servers and web vulnerability management solutions
- 5+ years experience in leading a team of vulnerability management engineers, remediation engineers, and threat intel analysts
- Experience handling, securing and communicating highly confidential and sensitive information. 5+ Experience in Vulnerability Assessment tools
- Experience in Threat Intelligence Tools/Data
- Experience in both Windows and Linux environments
- Ability to develop and maintain positive relationships with other technology teams/stakeholders Good understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
- Deep understanding of network and web vulnerability scanning application outputs
- Ability to articulate raw vulnerability and audit data into executive reports
- Excellent communication skills and extensive experience working with clients and partners. Self-driven with an aptitude to learn new technologies
- Ability to create success with minimal oversight and management
- Bachelor’s degree in Computer Science, Engineering, or equivalent experience
- Knowledge of Scripting and/or programming skills (e.g., Python, PowerShell, Java, JS, etc.)
- Desired: Security certifications such as CISSP, CISA or CEH