Vulnerability Management Engineer (Qualys)

JOB DESCRIPTION

• Responsible for the development, planning, monitoring and implementation of the information security controls, specifically through maintaining the Qualys on-premise scanning appliances. This includes configuring scanners, setting up scheduled scans, as well as updating secure baseline assessments to ensure the continued integrity of the Bank’ s information resources. Assists in strengthening technical measures to protect bank resources and business electronic information. Develops and implements IT security policies covering protocols, applications, networks, client and server systems, personnel and other risk mitigation mechanisms.
• Overall responsibility of security design through the evaluation, creation, and monitoring of the secure device configuration baselines. Reviews configuration monitoring tools for baseline compliance and escalation.
• Performs detailed and ongoing risk analysis to determine IT security risk for non-compliance to secure baselines. Leads information security secure baselines monitoring for the Bank's infrastructure. Uses initiative and sound judgment to make appropriate recommendations for information risk mitigation.
• Enhances or modifies security controls based on known or predicted exploits of technology deficiencies in regard to security principals.
• Performs detailed technical reviews of documentation to ensure computer security integration and compliance to all banking regulations (FDIC, GLBA, CA SB1386, etc.)
• Performs other duties as assigned.

Requirements

QUALIFICATIONS

• Requires 5 years minimum prior relevant experience
• Prefer 3 – 5 years’ experience in developing and monitoring an information security function; 1 – 2 years of Banking/finance Industry or highly regulated industry preferred.
• Hands-on experience assessing security controls and managing risk; network and information system security, vulnerability assessments and compliance scanning tools.
• Ability to manage processes and toolsets with minimal direction
• May have practical knowledge of project management.
• Working knowledge of information security risks and counter measures for Windows and Unix/Linux platforms Level Supervised

EDUCATION

• Prefer a Bachelor's Degree in IT, Computer Science or related field
• Prefer Information Security certification, which could include: CISSP - Certified Information Technology Security Professional; CCSP - Certified Cisco Security professional; GIAC - Global Information Assurance Certification; CISM Certified Information Security Manager

Benefits