Support threat intelligence solutions and prioritization of vulnerabilities for remediation.
Develop capabilities through gap analysis, process enhancements, and automation tool integration across product lifecycle
Evaluate and propose remediation strategies based on software tool analysis findings
Establish effective collaboration with cross-functional teams throughout product development
Assist in risk analysis, security gap assessment, and recommendation of cutting-edge solutions
Facilitate creation of comprehensive security process documentation for leadership and stakeholders
Deliver intelligence insights for security patch management of operating systems and third-party software
Collaborate with development teams to craft solutions for existing security challenges
Liaise with stakeholders regarding identified vulnerabilities and proposed remediation approaches
Assist with incident response processes and PSIRT activities when addressing identified security events
Deliver support for penetration testing activities and resulting reports
Partner closely with the Threat Intelligence Manager and support personnel to advance product security initiatives and deliverables
Execute/support annual risk assessments of market-deployed products; document and quantify findings, relay results to development teams
Facilitate annual penetration tests as assigned, develop or assess final reports
Master SBOM generation using various tools and scripts; become an authority in utilizing and analyzing results
Assess security updates for potential impacts on market-deployed products and track emerging vulnerabilities
Compose and/or evaluate patching and update communications for customers and coordinate distribution
Ready software for SAST, DAST, and fuzzing evaluations; analyze and document results, formulate remediation strategies
Deploy image hardening protocols including implementation of DISA STIGs
Compile product risk summaries for semi-annual stakeholder reporting
Engage with external vendors, develop/modify/communicate host module requirements, and ensure vendor accountability for deliverables
Bachelor's degree in Computer Science or related field; or 4 years of equivalent professional experienceProficiency in Microsoft development environment scripting, particularly PowerShellKnowledge of Windows OS services, processes, driver configurations, registry settings, and analysis methodologiesUnderstanding of Windows and Linux cybersecurity configurationsExperience with security tools including SAST, DAST, SBOM, network forensics tools, fuzzing, and standard penetration testing applicationsNetworking expertiseFamiliarity with Microsoft Visual Studio, ADO, or comparable integrated development environments (IDEs) Capacity to follow instructions, identify challenges, recommend solutions, and deliver high-quality results on scheduleUnderstanding of Software Development Lifecycle Management (SDLC) methodologies (Agile/Scrum, iterative)Strong interpersonal and communication abilities to cultivate positive relationships across departments in virtual, remote, and asynchronous work environmentsATTENTION: Current Alcon Employee/Contingent WorkerIf you are currently an active employee/contingent worker at Alcon, please click the appropriate link below to apply on the Internal Career site.Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.