Consultant - Vulnerability Management | US Remote
United States
Applications have closed
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…
Position Summary
The Consultant Vulnerability Management (VM) will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. Consultants possess a foundation of technical & professional skills sufficient to participate in customer engagements where their base skills apply. Critically important in the Consultant is the drive to continually build upon this foundation and develop into a broadly skilled penetration tester by deepening existing and developing new skills. The Consultant will work closely with Project Managers, Senior Consultants and direct managers on their assigned duties. Consultants continue to deepen their skills and broaden their impact both internal to Coalfire, as well as the Security Community as a whole.
What You'll Do
- Work with some of the leading Cloud Service Providers (CSPs) to validate vulnerability management security posture of their products and services.
- Monitor and maintain enterprise security scanning tools (Nessus, Qualys, Nexpose, Netsparker, Burp, etc.).
- Provide recommendations on remediating host-based and web application vulnerabilities.
- Conduct manual validation to confirm vulnerability closure.
- Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments.
- Provide recommendations to optimize processes and procedures related to enterprise security scanning tools.
- Serve as subject matter expert for vulnerability management issue resolution.
- Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise – both technical and non-technical resources.
- Provide periodic reports detailing scan success, remediation efforts, and vulnerability trends.
What You'll Bring
- Minimum of 2 - 5 years of experience in IT and/or cybersecurity.
- Consulting/professional services experience.
- BS or above in related Information Technology field or equivalent combination of education and experience.
- Experience with at least one of the leading vulnerability management tool providers (Tenable, Qualys, Rapid7, etc.).
- Direct experience working with remediation teams and management on vulnerability remediation and security posture improvement.
- Experience with tool automation using scripting languages such as Python.
- Experience working in ticketing tools for remediation activities.
- Knowledge and experience of industry best practices for vulnerability management.
- Knowledge of policies, procedures, development, and implementation of vulnerability identification, scanning, analysis, remediation tactics, and reporting within an organization.
- An interest and a desire to advance your career in cybersecurity.
- Strong analytical and communications (written and oral) skills.
- Be a team player who thrives on collaboration.
Bonus Points
- Familiarity with Cloud services such as AWS, Azure, and/or GCP.
- Experience creating system inventories, boundary diagrams, and/or plans of actions and milestones (POA&M).
- Familiarity with compliance frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, etc.
- Familiarity with configuration baseline standards such as CIS & STIG.
- Experience supporting vulnerability management across IaaS, PaaS, and/or SaaS providers.
Tags: Automation AWS Azure Cloud Compliance FedRAMP FISMA GCP HIPAA HITRUST IaaS Nessus PaaS POA&M Python Qualys SaaS Scripting SOC Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Salary bonus Startup environment Team events