Vulnerability Management Lead

Job Description:

XOR Security is currently seeking a Vulnerability Management Lead. The ideal candidate will lead the team in the performance of Vulnerability Management, Information Security Continuous Monitoring (ISCM), Risk Management (RM), and Ongoing Authorization (OA), and Compliance and internal/external activities for the program. Emphasis will be placed technical and vulnerability management program leadership skills with past performance in improving an organization’s risk posture through the identification, prioritization, and remediation guidance of vulnerabilities. The Candidate must have SME knowledge of vulnerability management scanning, analysis, and mitigation technologies.

Required Qualifications:

• 8+ years of experience in cyber security, preferably in Cyber Security or information technology – 4 of which should be directly related to vulnerability management.
• Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering) – exceptions additional .
• Experience technical and vulnerability management program leadership skills with past performance in improving an organization’s risk posture through the identification, prioritization, and remediation guidance of vulnerabilities.
• Experience in vulnerability and risk reporting at an enterprise level.
• Update-to-date knowledge in the field of risk and vulnerability management tools and techniques.
• Strong analytical and technical skills in
• Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities
• Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans.
• Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
• A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

Desired Qualifications:

• CISSP, CRISC, CISM, GPEN, GWAPT, GXPN, CEH, OSCP or other industry-level cyber certification required.
• Support risk management by maintaining visibility and comprehensive situational awareness of the cyber threat landscape impacting the program.
• Reduce cost and optimize program cybersecurity posture through complexity reduction, reciprocity, and increased automation.

Job Duties Include:

• Conduct vulnerability assessments, conduct troubleshooting of failed scans, as well as abilities and prior experience with analyzing vulnerability reports from enterprise assessment tools such as Qualys, Retina, Rapid7, or Tenable. 
• Identify security gaps, evaluate, recommend and/or implement enhancements related to configuration and security vulnerabilities.
• Collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts.
• Assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and system owners.
• Track and report compliance activity and trend analysis of enterprise vulnerabilities.
• Lead the development of workflows related to vulnerability assessment, analysis, prioritization, and mitigation activities.
• Create documentation that outlines how the various dashboards fit together, the analysis that should be performed on each, and what deliverables would allow for appropriate management information and higher-level dashboard creation.
• Support cyber policy development efforts.
• Continuous improvement with regulatory and policy alignment with Federal mandates.
• Enhance cybersecurity Risk Management Framework (RMF) implementation.
• Lead and coordinate High Value Asset (HVA) program activities.
• Ensure Plans of Action and Milestones (POA&M) coordination and reporting activities are briefed to CFTC leadership as required by Binding Operational Directives.
• Provide architecture and technical guidance on enterprise-wide cybersecurity programs.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a required security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED.