Vulnerability Assessment Engineer (Remote USA Opportunity)
Mountain View, CA
Applications have closed
Pure Storage
Discover a better way to interact with your data through storage that's always modern, easy to manage, and provides a flexible way to consume.
BE PART OF BUILDING THE FUTURE.
What do NASA and emerging space companies have in common with COVID vaccine R&D teams or with Roblox and the Metaverse?
The answer is data: all fast-moving, fast-growing industries rely on data for a competitive edge. And the most advanced companies are realizing the full data advantage by partnering with Pure Storage. Pure’s vision is to redefine the storage experience and empower innovators by simplifying how people consume and interact with data. With 9,000 customers including 50% of the Fortune 500, we’ve only scratched the surface of our ambitions.
Pure is blazing trails and setting records:
- For eight straight years, Gartner has named Pure a leader in the Magic Quadrant
- Our customer-first culture and unwavering commitment to innovation have earned us a certified Net Promoter Score in the top 1% of B2B companies globally
- Industry analysts and press applaud Pure’s leadership across these dimensions
- And, our 4,000+ employees are emboldened to make Pure a faster, stronger, smarter company as we go
If you, like us, say “bring it on” to exciting challenges that change the world, we have endless opportunities where you can make your mark.
Summary
This role defines the objectives of an enterprise threat and vulnerability management program. Once they are defined, the successful candidate will drive the strategy, evaluation, process, execution, and operations of the vulnerability management program, with the responsibility to expand this program across Pure’s infrastructure of more than 100,000 assets. The successful candidate will create closed-loop processes to drive vulnerability remediation across operational teams.
About the Role
You are responsible for designing and improving Pure’s vulnerability management infrastructure and processes. You will work with key stakeholders to create strategies and actionable reporting for the prioritization and timely remediation of vulnerabilities. Additionally, you will have ownership of the operational effectiveness and continuous improvement of the program.
Relevant Knowledge or Experience
- Ownership of a vulnerability management program.
- Computer networking concepts and protocols, and network security methodologies.
- Vulnerability management frameworks and concepts such as CVE and CVSS, threat intelligence, and visibility into new threats.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Cyber threats and vulnerabilities.
- Application vulnerability classes, OWASP top 10, and common development mistakes.
- Knowledge of system administration, network, and operating system hardening techniques.
- Understanding of basic software development processes.
- Demonstrated experience and familiarity with vulnerability management.
Skills
- Manage the entire lifecycle of vulnerabilities, from discovery through triage, advising, remediation, and validation.
- Program management with the ability to articulate an objective and lay out key milestones for reaching the objective within an allocated timeframe and budget.
- Work with business units to perform vulnerability assessments on systems or applications.
- Demonstrated ability to analyze data from disparate sources
- Make recommendations on required mitigation & remediation approaches.
- Use of network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, nikto, Nessus).
- Strong foundation in network protocols (e.g. TCP, UDP, HTTP, IP).
- Conducting application vulnerability assessments.
- Ability to automate tasks using a preferred language (e.g. Python)
- Ability to interact with common APIs
- Performing impact/risk assessments.
- Excellent written and verbal communication skills.
Experience
- 4+ years working in a vulnerability management program, and running a successful threat vulnerability program
- 8+ years working in security and/or IT functions in aggregate
Pure Storage applies a geographic based pay structure depending on an employee’s location. For applicants located in Colorado (as required by SB19-085):
- The annual base salary range is: $124,000-$186,000. This role may be eligible for incentive pay and/or equity.
BE YOU—CORPORATE CLONES NEED NOT APPLY.
Pure is where you ask big questions, think differently, and make an impact. This is not just a job, but a place where you have a voice and can accelerate your career. We value unique thoughts and celebrate individuality, and with ample opportunity to learn, develop yourself, and expand into different roles, joining Pure is an investment in your career journey.
Through our Pure Equality program, which supports a flourishing field of employee resource groups, we nourish the personal and professional lives of our team members. And our Pure Good Foundation gives back to local and global communities through volunteering and grants.
And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events.
PURE IS COMMITTED TO EQUALITY.
Research shows that in order to apply for a job, women feel they need to meet 100% of the criteria while men usually apply after meeting about 60%. Regardless of how you identify, if you believe you can do the job and are a good match, we encourage you to apply.
Pure is proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire.
If you need assistance or an accommodation due to a disability, you may contact us at TA-Ops@purestorage.com.
APPLICANT & CANDIDATE PERSONAL INFORMATION PRIVACY NOTICE.
If you're wondering how or why Pure collects or uses information you provide, we invite you to check out our Applicant & Candidate Personal Information Protection Notice.
DEEMED EXPORT LICENSE NOTICE.
Some positions may require a deemed export license for compliance with applicable laws and regulations. Please note: Pure does not currently sponsor deemed export license applications so we are unable to proceed with applicants requiring stated sponsorship.
PURE’S COMPLIANCE WITH THE U.S. GOVERNMENT COVID-19 MANDATE
In accordance with Pure’s policies, current and anticipated federal regulations, and our ongoing commitment to prioritizing the health and well-being of our employees, partners, and customers, and the community at large, where permitted by law, all Pure employees and contractors working in the United States are expected to be fully vaccinated against COVID-19 prior to your start date. Should you require an exemption for medical or religious reasons, you must initiate Pure’s exemption request process which will determine if an exemption can be granted in accordance with applicable local, state, and/or federal law.