Lead Vulnerability Manager
Bayview Asset Management
2024-11-07 21:38:56
New York City, New York, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Overview:
POSITION SUMMARY:
In this role we want you to establish your own program and see the outcomes. Bayview has the opportunity for a leader to come into the vulnerability management role and re-establish a program. We currently have VM running but we are looking for the right person to establish amazing outcomes and mature to an optimized program. This role will lead and coordinate the vulnerability management program including infrastructure, db, endpoints, and coordinate and manage external testing and analysis. Your success in this program comes through working with the technical, business, cloud, and security teams to optimize and enhance the vulnerability scanning capability, through Rapid7, Tanium, and other vulnerability scanning and assessment technologies. You will be asked to improve and mature the vulnerability program and report updates to key stakeholders regularly.
This role needs previous experience in driving a cultural change program to enable the ownership of remediation activities by clearly communicating, creating self-service responsibility, and aligning with prioritized risk and understanding the depth and breadth of technology and data assets. The maturing of the program will be evaluated based upon the documented processes, standards, and tools that are understood and used consistently by the roles in the organization to find and fix vulnerabilities in systems in a timely manner. Furthermore, metrics and KPIs are to be established, agreed upon with stakeholders, and used to perform continuous improvements, education and training in the program. Although threat hunting and analysis are not directly in this program, the right candidate will have experience and knowledge of the integration of threat, incident, cyber risk, and SDLC components to achieve success. Additional key experiences should include automation and integration of VM platforms to CMDBs, IPAM tooling, SIEM tools, and automated reporting.
KEY RESPONSIBILITIES:
Configure, run, update, tune, and perform reporting on vulnerability management tooling
Provide recommendations and technical guidance for the lifecycle of vulnerability management
Schedule, run, and verify regular vulnerability scans, assessments, and analysis, ensuring they are performed and completed and that results are produced accurately.
Oversee the vulnerability management processes, suggesting applicable change controls, and security exceptions using risk-based processes.
Work with vendors, partners, contractors, and employees to ensure vulnerability management programs are mature, complete, accurate, and comprehensive of the environment
Identify opportunities to collaborate across cyber teams and optimize efficiencies to reduce the level of effort, costs and risks across threat landscapes while facilitating increased organizational situational awareness
Develop reports, KPIs, metrics, etc. using data that is hosted in multiple sources/tools (e.g., spreadsheets, databases) and communicate clearly to leadership and other cyber teams. Design and implement new or enhanced vulnerability reporting and monitoring solutions.
Develop self-service roles, reporting/metrics, training, and the like to support efficiency and reduce MTTR
Work with teams including db, system admins, developers, support groups, cloud, enterprise technology, and business teams to perform root cause analysis, evaluate any false positive/negative analysis, root cause fingerprinting, scanning, or other details to determine vulnerability evaluations.
Work with other teams to ensure automation and integration where applicable, reducing manual processes
Evaluate, build, and understand risk-based vulnerability management
Understand and utilize the CVSS, OWASP, and other valuation scoring for vulnerabilities
Communicate written and verbal information in a timely, clear, and concise manner.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of system administration, network, operating system hardening techniques, and the risk management process.
Knowledge of specific operational impacts of cybersecurity lapses and organization's threat environment.
Influence the development of vulnerability management, patch management, system build, cloud, coding, and similar standards and security policies.
Review and analyze vulnerability data to identify trends and patterns.
Lead and mentor team members as a technical expert.
Monitor external data sources and threats to determine which vulnerability security issues may have an impact on the enterprise and evaluate risk-based outcomes. Report critical risks with imminent threat to the organization through an emergency vulnerability threat analysis process.
All other duties as assigned
SKILLS/KNOWLEDGE/ABILITIES REQUIREMENTS:
Bachelor of Science degree in Computer Science, Engineering, Computer Security, Information Systems, or related field, OR comparable level of professional experience
5+ years of Cyber Security experience and 3+ years of system administration, DBA, coding, and/or similar technology experience.
4+ years of Vulnerability & Threat Management or related experience
Required Skills
Experience presenting to both technical and non-technical audiences, and effective communication skills including oral, written, and listening.
Knowledge of the software development lifecycle, DevOps and security practices, and the tooling used in developing and deploying secure code (e.g., GitLab, Jenkins, Snyk, SonarQube, Veracode, etc.)
Familiarity with services and platforms used for deployment of Docker, Kubernetes, virtual cloud or on-prem technology
Familiarity with at least one common programming language (e.g., Java, Python, Golang, etc.)
Experience conducting or leading incident response efforts
Experience with threat models, such as Diamond, Cyber Kill Chain, ATT&CK, Racetrack, etc.
Experience with penetration testing and/or exploit research
AWS Certification(s), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH) or other relevant certifications.
LOCATION & COMPENSATION:
The base salary range for this role is $120,000 to $160,000 depending on the individual's experience.
Role can be 100% fully remote depending on geographic location.
Certifications, Licenses, and/or Registration
N/A.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.
EEOC
Bayview Asset Management is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.