Senior Vulnerability Management Analyst – Product Security
Contagem, Brazil
Wabtec
At the leading edge of driving innovative technologies and responsible operations across the world. Drawing on over 150 years of experience, we are leading the way in safety, efficiency, reliability, innovation, and productivity. Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at: http://www.WabtecCorp.com.
It’s not just about your career or your job title… it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters and do things that haven’t been done, to make your life and someone else's better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.
Who will you be working with?
You will work across a global organization to execute the Vulnerability Management Lifecycle (Discovery, Triage, Disposition, & Monitor) in Wabtec’s Products.
How will you make a difference?
A Senior Vulnerability Management Analyst is responsible for leading the day-to-day aspects of vulnerability management operations, as well as process improvement and program maturity projects.
Work across a global organization to execute the Vulnerability Management Lifecycle (Discovery, Triage, Disposition, & Monitor) in Wabtec’s Products.
What do we want to know about you?
- Bachelor's degree in computer science / engineering.
- Experience in Cybersecurity, with focus on Vulnerability Management domain.
- Strong knowledge of common vulnerability frameworks (CVSS, OWASP).
- Experience using vulnerability scanning / management tools (e.g., ArmorCode, Tenable, Qualys)
- Strong knowledge of MS Excel, PowerPoint, Word
- Ability to collaborate effectively as part of a global cross-functional team, working independently with minimal supervision.
- Detail oriented with focus on quality.
- Ability to execute multiple concurrent assignments and achieve commitments to the business.
- Ability to effectively communicate across a variety of audiences and skillsets.
- Ability to identify and communicate meaningful metrics with the data provided.
- Excellent written and verbal communications.
Preferred qualifications:
- Professional cybersecurity certifications such as CEH, Security+, CySA+.
- Master's degree in computer science / engineering.
- Proven experience leading projects
- Knowledge of CISA and/or critical infrastructure regulation / initiatives.
- Knowledge of Secure SDLC methodologies
- Proven experience working with productivity tools such as PowerBI.
- Knowledge of system, application, and database hardening techniques and practices.
- Advanced professional cybersecurity certifications such as CISSP, GEVA, CISA
- Proven experience with, or certification in, IEC-62443.
What will your typical day look like?
- Lead and mature vulnerability management processes including vulnerability disclosure & handling.
- Ensure quality and integrity of recorded vulnerabilities from various sources such as penetration tests, PSIRT, and scanning tools.
- Develop and execute program awareness campaigns and webinars with internal stakeholders.
- Actively contribute to the implementation of technical efficiencies and automation of vulnerability management processes.
- Lead the creation of vulnerability advisories, and coordination and execution of the disclosure process aligned to operational targets and program policy.
- Lead management, support, and adoption of the vulnerability management tool and its integrations.
- Communicate and report on KPIs and program metrics.
- Engage with internal stakeholders including Engineering and Infrastructure teams to support vulnerability remediation per program policy and SLAs.
Additional contributions and activities
- Proactively review threat intelligence and vulnerability alerts to determine relevancy and urgency.
- Support and collaborate on Product Security Incident Response (PSIRT) processes/activities.
- Provide technical advice on mitigating measures and solutions to reduce risk.
- Other related cybersecurity duties as the program grows & matures.
Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.