Manager, Vulnerability Management

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.  Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.  We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.  Join our dynamic team and make your mark on the payments technology landscape of tomorrow. 

Overview 

The Manager of Vulnerability Scanning is a member of the Vulnerability Management Team. The role's overall responsibility is to develop and lead a highly technical and specialized team within the overall Vulnerability Management program. This includes evolving the team, leading and owning tactical and daily activities, deploying and executing enterprise security controls and defenses, monitoring and analyzing system vulnerabilities, supporting and enforcing remediation activities, mitigation strategies, maintaining documentation, delivering audit artifacts, and providing guidance to business decision makers.

Responsibilities:

Assist in the development and maintenance of various vulnerability management services including vulnerability scanning, configuration assessments, and infrastructure assessments

• Lead a globally-distributed team of VM analysts across multiple time zones with diverse skill backgrounds including: traditional VM, automation, cloud engineering, system administration, and network administration

• Provide guidance, real-time feedback, and annual performance reviews to direct reports

• Manage and perform HR functions for a team of 5+ FTE, including vacation approval, scheduling, performance reviews, etc.

• Mentor team members to improve skills and awareness

• Define and enhance capabilities to support vulnerability scanning services across distributed on-prem environments, remote business units with or without WAN connectivity, and cloud deployments

• Maintain a full set of compliance artifacts for multiple core entities and business units

• Lead and/or support remediation coordination activities as directed by leadership

• Own and maintain the care and operation of medium to large scale Tenable installation across multiple parallel Tenable.SC and Tenable.io deployments

• Design, engineer, and operate automated processes to provide efficient and scalable capabilities

• Continuously evaluate industry-leading and emerging security technologies to support capabilities

• Collaborate with internal customers to define service requirements and gather feedback to enhance offerings

• Maintain and enhance the the vulnerability management program which includes maintaining program documentation, integrating processes/systems with other IT teams, defining metrics/reports for Executive leadership, and creating compliance artifacts

• Recommend configuration changes to improve the performance, usability, coverage, and value of vulnerability scanning tools

• Collaborate with others in the Information Security department to develop and implement innovative strategies for monitoring and preventing attackers

• Provide feedback on security scanning capability gaps 

• Develop and maintain standard operating procedures to reflect day-to-day security operations and update those procedures to reflect changing procedures or tools 

• Create innovative in-house control capabilities to assist in the automation of existing security operations functions

Qualifications:

• Bachelor's degree in Computer or Software Engineering, Computer Science, Information Management, Information Science or a related technical field preferred but not required

• 2+ years of experience leading information security teams

• Experience with the Tenable and Qualys vulnerability scanning products

• 5+ Years hands on technical experience

• Experience maintaining large scale scanner deployments across multiple business units

• Experience designing and engineering operational processes

• Demonstrated ability to interact with business and technical audiences cross all levels of an organization

• Strong time management skills and experience handling multiple initiatives with competing priorities

• Strong analytical and technical skills

• In-depth knowledge of common internet protocols (e.g., DNS, HTTP) Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management)  Strong knowledge of and experience working in Windows and Linux environments

• Knowledge of cloud infrastructure (AWS and GCP preferred), including account structure, roles, VPCs, and cross-account access preferred

• Ability to develop custom ETL and reporting scripts using common data querying languages/tools (e.g., Regular Expressions, XPath, XQuery, SQL, grep)  Ability to develop custom scripts using common scripting languages (e.g., Python,PowerShell, VBA) preferred but not required

• Basic knowledge of SecDevOps, CI/CD cloud tools - Terraform, GitLab, Jenkins

Certifications:

• Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Web Application Penetration Testing (GWAPT), GIAC Network Penetration Testing (GPEN), Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP)

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact jobs@globalpay.com.