Senior Vulnerability Management Specialist

Appian is seeking a Senior Vulnerability Management Specialist to join our Information Security Team.  The ideal candidate will have a passion for cyber-security awareness and vulnerability management. In this role, the Vulnerability Management Specialist will be responsible for developing and deploying a new Vulnerability Management program. As such they will become the system architect for the future in cloud security. Working with existing Engineering and Security teams, this role will take owner ship of all vulnerability management process and documentation. This will include revising existing models and developing new innovative methodologies of managing vulnerabilities and reporting. A strong skill and desire for automation is required here and will be key to deploying the future of cyber-security management. This individual will also be responsible for building a team to design, deploy, and run next iteration of vulnerability management.

Responsibilities

• Establish, maintain and communicate a clear and comprehensive IT Vulnerability Management program aligned to standard framework(s) including but not limited to, FedRAMP, NIST 800-53, NIST 800-171, & DoD CC SRG
• Direct cross-functional, cross-department teams in remediating security vulnerabilities, ensuring regular communication of status and work products mitigate the intended vulnerabilities.
• Own the program as a leader and be the main point of contact and subject matter expert
• Implement, define and improve policies, standards, and procedures of the Vulnerability Management service, including:
  • Vulnerability scanning
  • Vulnerability reporting
  • Coordination of patch management
  • Secure coding practices and testing
• Identify systems vulnerabilities and provide proper consultation for remediation
• Provide system administration support for vulnerability scanning and application testing technologies
• Work with Cloud services teams to ensure standard systems development does not expand the threat landscape of the organization
• Work with software development teams to ensure they are utilizing secure coding standards and code testing capabilities
• Develop training programs for awareness within the organization and specialist training for targeted groups to stay up to date with new developments and requirements
• Establish and drive metrics, analytics, reporting mechanisms and services, maturity models and a roadmap for continual program improvements.
• Facilitate compliance with policies and external regulations
• Maintain up-to-date understanding of technology trends and developments in the areas of information technology and security
• Ability to drive execution of defined goals through effective interaction with IT services teams
• Able to understand, design and develop threat mitigation strategy, prioritize identified threats, managing risks associated with threats
• Keep abreast of relevant trends and threats, and translate these based on relevant threats and vulnerabilities

Other Duties

• Work with Security Architecture & Engineering Support teams to determine solutions and propose plans to implement them.
• Prepare formal reports and presentations of findings and recommendations
• Author IT vulnerability guidelines, principles, policies, and standards for information / data stewards, stakeholders, and development teams

Preferred Experience

• Experience executing security testing activities such as penetration testing and application/vulnerability assessments
• Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications, access and identity management
• Experience with Vulnerability management tools (i.e. Tenable, Qualys, Tripwire)
• Experience in network infrastructure and security best practices
• Experience with network firewalls
• Understanding of Linux operating systems
• Understanding of secure software development lifecycle from coding to deployment
• Responsible for the management and strategy of documentation processes
• Ability to identify and execute process improvement
• Programming Skills in a least one interpreted language (PHP, Ruby, Python,)
• Knowledge of CMMC NIST 800-171
• Advanced understanding of NIST 800-53 and particle implementations, specifically around controls related to Vulnerability Management & Continuous Monitoring.
• Familiarity with CUI requirements for unclassified IT systems a plus

About Us:

Appian helps organizations build apps and workflows rapidly, with a low-code automation platform. Combining people, technologies, and data in a single workflow, Appian can help companies maximize their resources and improve business results. Many of the world’s largest organizations use Appian applications to improve customer experience, achieve operational excellence, and simplify global risk management and compliance. Our employees create opportunities to drive hands-on impact both with our customers and throughout the organization, which creates an environment where meaningful work is met with career growth and opportunity. As a result, we are proud to have been recognized as a Washington Post Top Workplace for seven consecutive years. Simply put, we are changing the way businesses operate and our employees are to thank for Appian’s success.

Appian Corporation is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Further, Appian will not discriminate against applicants for inquiring about, discussing or disclosing their pay or, in certain circumstances, the pay of their co‐worker, Pay Transparency Nondiscrimination.  

If you need a reasonable accommodation for any part of the employment process, please contact us by email at ReasonableAccommodations@appian.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

#LI-AO1