Senior Vulnerability Management Analyst – Product Security

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at: http://www.WabtecCorp.com.

It’s not just about your career… or your job title…it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters…do things that haven’t been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.

Who will you be working with?

You will work across a global organization to execute the Vulnerability Management Lifecycle (Discovery, Triage, Disposition, & Monitor) in Wabtec’s Products.

How will you make a difference?

A Senior Vulnerability Management Analyst is responsible for leading day-to-day aspects of vulnerability management operations and process improvement and program maturity projects.

Work across a global organization to execute the Vulnerability Management Lifecycle (Discovery, Triage, Disposition, & Monitor) in Wabtec’s Products.

What do we want to know about you?

• Bachelor's degree in computer science / engineering.
• Experience in Cybersecurity, with focus on Vulnerability Management domain.
• Strong knowledge of common vulnerability frameworks (CVSS, OWASP).
• Experience using vulnerability scanning / management tools (e.g., ArmorCode, Tenable, Qualys)
• Strong knowledge of MS Excel, PowerPoint, Word
• Ability to collaborate effectively as part of a global cross-functional team, working independently with minimal supervision.
• Detail oriented with focus on quality.
• Ability to execute multiple concurrent assignments and achieve commitments to the business.
• Ability to effectively communicate across a variety of audiences and skillsets.
• Ability to identify and communicate meaningful metrics with the data provided.
• Excellent written and verbal communications.

Preferred qualifications:

• Professional cybersecurity certifications such as CEH, Security+, CySA+.
• Master's degree in computer science / engineering.
• Proven experience leading projects
• Knowledge of CISA and/or critical infrastructure regulation / initiatives.
• Knowledge of Secure SDLC methodologies
• Proven experience working with productivity tools such as PowerBI.
• Knowledge of system, application, and database hardening techniques and practices.
• Advanced professional cybersecurity certifications such as CISSP, GEVA, CISA
• Proven experience of or certification in IEC-62443

What will your typical day look like?

• Lead and mature vulnerability management processes including vulnerability disclosure & handling.
• Ensure quality and integrity of recorded vulnerabilities from various sources such as penetration test, PSIRT, & scanning tools etc.…
• Develop and execute program awareness campaigns and webinars with internal stakeholders.
• Actively contribute to the implementation of technical efficiencies and automation of vulnerability management processes.
• Lead the creation of vulnerability advisories, and coordination and execution of the disclosure process aligned to operational targets and program policy.
• Lead management, support, and adoption of vulnerability management tool and its integrations
• Communicate and report on KPIs and program metrics.
• Engage with internal stakeholders including Engineering and Infrastructure teams to support vulnerability remediation per program policy and SLAs.

Additional contributions and activities

• Proactively review threat intelligence and vulnerability alerts to determine relevancy and urgency.
• Support and collaborate on Product Security Incident Response (PSIRT) processes/activities.

• Provide technical advice on mitigating measures and solutions to reduce risk.
• Other related cybersecurity duties as the program grows & matures.

#LI-TO1 

Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.