Senior Threat & Vulnerability Management Engineer

As a Threat, Asset, and Vulnerability Management Engineer, you will work closely with stakeholders to ensure detection, visibility, and observability of threat, asset, and vulnerability management goals are met. 

Your Responsibilities

• Assist in configuring vulnerability assessment tools & services as well as scan execution, researching, analysis, corrective actionable recommendations, and summarizing with reporting results.
• Maintain awareness of emerging threat actors, patterns, and techniques
• Assist in asset inventory management
• Engage with a broad variety of stakeholders to understand the respective processes to ensure actionable tickets are filed correctly
• Monitor, understand, and prioritize vulnerabilities uncovered by DAST, SAST, IAST, fuzzing, variant analysis, and third party security researchers
• Perform threat modeling and actor profiling
• Coordinate scanning activities with cross functional teams and collaborate with all levels of the organization
• Communicate scanning results and remediation plans to stakeholders
• Provide actionable guidance for vulnerability remediation. Identify and eliminate false positives and false negatives.
• Assist in TAVM tools, services, and platforms

Minimum Experience Requirements

• 5+ years of professional information security/security engineering/software development experience and at least 2 years of professional vulnerability management experience
• Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
• Experience with a wide variety of vulnerability identification tools
• Must be well versed in development lifecycles rom a threat, asset, and vulnerability perspective
• Well versed in operating systems such as Linux as well as MacOS environments, microservices on cloud native stacks, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, and vulnerability management
• Experience with vulnerability scanners, vulnerability management systems, patch management and cloud-based / host-based security systems
• Knowledge of vulnerability scoring systems (CVSS)
• Must possess excellent verbal and written communication skills
• Ability to learn new technologies

Your Nice to have Experience

• Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. OSCP, CISA, CISSP, GCIH)

Plastiq is a smart payment platform designed for businesses to better manage their payments and cash flow. The platform lets companies maximize their existing credit, pay in whatever way is best for their business—regardless of what payment methods their recipients accept—and get paid by card without the burden of card acceptance fees. Businesses can pay globally in more than 40 countries, and Plastiq works with all major credit card providers, including Mastercard, Visa, American Express, and Discover. Plastiq has millions of customers and has processed billions in payments for a wide range of expenses, from business supplier payments and contractors to taxes and rent. Plastiq has won a number of awards and recognitions, including being named to the 2020 Forbes FinTech 50 and 2020 Bay Area Best Places to Work by the San Francisco Business Journal.