Job Description

BASIC PURPOSE:

The Sr. Vulnerability Management Engineer is a high impact role and will be responsible for improving the security of Clario\xe2\x80\x99s infrastructure and to do so, the engineer will work with cross functional teams across the enterprise to assess and prioritize vulnerabilities in systems for remediation. Our mission is to provide operationally excellent next-generation information security vulnerability assessments, penetration testing, red teaming, purple teaming, and offensive security services that help protect Clario from adverse cyber events. The candidate will utilize network, agent, external, and other scanning methods. This position will collaborate with IT Infrastructure R&D, DevOps, Product Management and Security to drive remediation of vulnerabilities. This is a \xe2\x80\x9chands on\xe2\x80\x9d role requiring both good communication skills as well as technical knowledge.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Scanning: Maintain and operate scanning tools and underlying infrastructure to scan Clario\'s network for vulnerabilities on endpoints, servers, and other infrastructure devices.
• Prioritization: Utilize a threat-based approach to select vulnerabilities for remediation.
• Remediation tracking : Report prioritized vulnerabilities to stakeholders for timely remediation. Track remediation efforts and advise on methods of resolving issues including configuration changes, software patching, and mitigation.
• Threat Research: Actively seek out new vulnerability information using Open Source Intelligence, security news feeds, social media activity, as well as vendor advisories to stay up to date with trending threats which could pose a risk to Clario.
• Penetration Testing: Plan and execute penetration tests on Clario IT assets, including networks, web applications, mobile applications, and infrastructure.
• Documentation: Maintain documentation of reports, remediation activity, and updates to processes.

OTHER DUTIES AND RESPONSIBILITIES:

• Assist team in maintaining appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.
• Help to develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
• Provide technical expertise and guidance to internal teams to ensure compliance with security standards and regulations.
• Coordinate and facilitate the patch management process to ensure vulnerabilities are remediated in a timely and effective manner.

QUALIFICATIONS AND SKILLS NEEDED:

Education:

Higher Secondary school diploma is required though any college or university degree is a plus.

Certifications such as CompTIA Security+, OSCP, OSCE, GWAPT, CISSP, GIAC or other industry certifications a plus.

Experience:

• 4 to 6 years of IT or Information Security experience.
• Experience performing network vulnerability assessments, web application security testing, penetration testing, red teaming, and threat hunting.
• Strong knowledge of operating systems (e.g., Windows Server, Linux, Kali) and virtualization technologies.
• Experience with reading, writing, and editing code written in various programming languages, in one of the following (Perl, GO, Python, Ruby, Bash, C/C++, C#, and Java).
• Experience with server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, mobile testing.
• Understanding of scanning tools such as Nessus, Qualys, Nmap, etc
• Understanding of industry standards such as CVE, CPE, CVSS & NIST
• Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as AWS or Azure and customer premise.
• Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation.
• Ability to manage one\xe2\x80\x99s time, focus and priorities in a fast-paced environment.
• Experience with Risk Based Vulnerability Management tools such as NopSec,
• Ivanti Neurons, and Cisco Kenna is a plus but not required.
• Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections is a plus but not required.
• Outstanding written and verbal communication skills with the ability to describe complex & abstract security and technical concepts to a non-technical audience.

EEO Statement

Clario is an equal opportunity employer. Clario evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status, or any other legally protected characteristic.

Clario