Vulnerability Management Engineer

Location Details: 

At GoDaddy the future of work looks different for each team. Some teams work in the office full-events or offsites. Your hiring manager can share more about this role’s hybrid or remote time, others have a hybrid arrangement (they work remotely some days and in the office some days) and some work entirely remotely.

Hybrid-or-Remote:  This position may be a hybrid or fully remote position, as decided by your manager. If designated as hybrid, you’ll divide your time between working remotely from your home and an office location, so you should live within commuting distance. If designated as remote, you’ll be working remotely from your home and may occasionally visit a GoDaddy office to meet with your team for designation. 

This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands.

Join our team...

Within Information Security, the Security Risks & Assessments team is responsible for Security Hygiene for GoDaddy. We deliver high-quality Security initiatives to improve transparency and strengthen GoDaddy’s overall Security posture.

GoDaddy's Business Enablement team is seeking a Workday Systems Administrator - Financials to assist with our Workday Financials platform. The position will support the Business Enablement organization and help design, test, build and implement configuration changes needed to align Workday with the business' processes. Additionally this role will have the opportunity to help guide the business in processes and work on future implementation needs. The right person for this role will have analytical and problem-solving skills with a proven background in Workday configuration, business process optimization and standardization. They should be able to help translate accounting and finance needs to system configuration. If you are someone who thrives in a quick moving environment and enjoys the challenge of learning new things then GoDaddy is the right place for you!

What you'll get to do...

• Perform security risk assessments and report the findings with recommendations.
• Hands on experience on vulnerability scanning using tools like Tenable, Qualys etc.
• Triage all findings reported from external sources like bug bounty and vulnerability disclosure program.
• Liaise with internal compliance teams and perform appropriate scanning, testing, reporting and mitigation, to meet compliance requirements.
• Provide leadership and mentoring including technical and personal development for team members.
• Maintain current knowledge of threat landscape, attacker techniques and mitigations.
• Participate in crafting processes/practices, policies, tools, and partnerships to expand and mature the capabilities of the organization.
• Identify vulnerabilities and work multi-functionally to implement countermeasures.
• Monitor for new vulnerabilities reported by internal and external sources and identify the impacted assets.
• Research, classify, and score reported vulnerabilities.
• Develop and report on substantial metrics for the Vulnerability Management Program.

Your experience should include...

• Bachelor's Degree in appropriate field of study or equivalent work experience.
• 4+ years of experience as security Engineer.
• 4+ years of experience in a medium to large sized IT organization with a large cloud footprint.
• Experience with Qualys Vulnerability Management.
• Experience with security tools including Tenable, Tanium, AppSpider and BurpSuite.
• Strong experience using Linux operating system
• Experience with productivity tools including Microsoft Office Suite, Jira and ServiceNow.
• Experience running and identifying zero day and other vulnerabilities on infrastructure and network, along with providing scope and remediation steps.
• Experience with large network and web application vulnerability scanning and reporting.
• Proven ability to work creatively and analytically in a problem-solving environment demonstrating teamwork, innovation, and excellence.
• Self-motivated, decisive, with the ability to adapt to change and competing demands.
• Solid grasp of general information security concepts, techniques, and methodologies.
• Solid grasp of vulnerability classification and scoring methodologies (CVSS, CWE).
• Working knowledge of Risk Management frameworks, Security frameworks & Data Protection regulations.
• Strong understanding of desktop and server operating systems and software, including RedHat/CentOS Linux and Windows Server.

You might also have...

• Preferred certifications: CEH, CISSP, OSCP relevant certifications.
• Scripting (Python) experience.
• Experience using Tanium.
• Penetration Testing.

We've got your back... Enjoy our many benefits (My Wallet), which may vary depending on role and tenure, including paid time off, 401k, bonus eligibility, equity grants and parental leave. Join one of our employee resource groups (Culture). Once approved, continue to have a side hustle if you have one (we love entrepreneurs, remember?). Most importantly, come as you are and make your own way. 

About us... GoDaddy is empowering everyday entrepreneurs around the world by providing all of the help and tools to succeed online. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights and the people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us (https://aboutus.godaddy.net/about-us/overview/default.aspx.) 

GoDaddy is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, creed, sex, sexual orientation, gender, gender identity or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state or local law. GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.

If you need help completing an application for a position with GoDaddy, please reach out to our Recruiting Team at myrecruiter@godaddy.com.

 GoDaddy doesn’t accept unsolicited resumes from recruiters or employment agencies.