Senior Security Vulnerability Engineer -Qualys, Nessus

Employment Type

: Full-Time

Industry

: Engineering



Loading some great jobs for you...





Job Summary

Job Description

Join our team where we thrive on innovation! In your new role of Senior Security Vulnerability Engineer, you will be responsible for providing operational security solutions that would enable the success of IT and business initiatives. As a Senior Security Engineer, you will interface with IT Groups across the company, client managers, business customers, third-parties, vendors, and auditors. 

You'll co-design (along with the Security Architect) and operationalize security solutions that can be effectively delegated to Security Analysts or other support/operations functions. The scope of Security Engineers extends across technical and administrative controls that enable the protection and availability of business and IT systems.

Experience with Qualys and/or Nessus is a big plus.

Essential Functions

  • Providing technical engineering services to support and update existing security systems and works to automate processes related to security implementations, monitoring, and enforcement
  • Investigates, recommends, evaluates, deploys and integrates security tools and techniques to improve our ability to protect corporate assets and infrastructure.
  • Participate in technical risk assessments and security exposure analyses of systems, networks and business applications
  • Evaluate and implement security devices such as firewalls, IDS, IPS, threat correlation tools, vulnerability management tools, encryption capabilities, etc.
  • Analyzes network elements and designs to ensure secure and optimal system and network performance and cost effectiveness.
  • Oversees the purchase, installation, and support of security devices.
  • Responsible for assessing and managing information security risks to pre-existing current systems.
  • Assists in the planning of large scale systems projects through vendor comparison and cost studies.
  • Monitors, reports and resolves all security related problems and discrepancies.
  • Participates as a member of the Information Security Incident Response Team.
  • Interacts with internal and external clients on security requirements, identifies security process and develops strategies/solutions to security issues while maintaining tight security discipline.
  • Develops test plan and implements rigorous testing prior to rollout of new systems into the production environment.
  • Participates in Cyber Security Incident investigations
  • Knowledge and Skills/Technology Used

  • Engineering Lead for Vulnerability Detection and Threat Management lifecycle, with focus on Qualys, Nessus and/or Tanium
  • Must have solid hands on experience with multiple Qualys modules, including Asset Inventory, Vulnerability Management, Policy Compliance, File Integrity Monitoring, Container Security, etc
  • Candidate will evaluate and design innovative solutions and architecture with a special focus on Engineering of Vulnerability Detection and Threat Management Life Cycle 
  • Keep up to date on new Cyber Security trends and threats. Advise on issues and recommend proactive measures.
  • Participate on project working teams that introduce new capabilities and technologies to ensure that vulnerability and hardening exposure is managed.
  • Experience in implementing Information Security technologies and/or processes required.
  • Experience in product evaluation and managing vendor relationships required.
  • Experience in defining Information Security strategy and integrating security technologies into corporate frameworks.
  • Note that in this role, you must have hands on working knowledge of UNIX/AIX, Microsoft NT/2000, firewall multi-layer design and implementation, router access list/packet filtering (CISCO), WANs, LANs, the Internet, Intranets, network protocols and network services (i.e., telnet, ftp, etc.), Intrusion detection systems, Virtual Private Network (VPN), two factor authentication.

    Experience with Azure/AWS automated vulnerability scanning using scanners and agents.

    Typical Education

    Bachelor's Degree in Computer Science, Information Technology, Telecommunications, or Electrical Engineering, or equivalent work experience

    Typical Range of Experience

    Minimum 3 years information security experience

    2+years hands on experience with networking, intrusion detection, VPN, PKI, Next-Generation firewalls, NAC; Identity management and encryption technologies

    License or Certification

    CISSP, GIAC, CCNA, CCNP preferred

    * The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.

    Launch your career - Create your profile now!

    Create your Profile

    Loading some great jobs for you...