In this role, the Information Security Engineer (Vulnerability Management) will review, coordinate, implement, and maintain vulnerability and configuration scans, policies, and metrics in support of the Vulnerability Management Program. The candidate will work closely with Information Security engineers, analysts, and groups within and outside of Information Security, including business asset owners to help ensure the Confidentiality, Integrity, and Availability of Tenable's assets.
- Monitor and maintain enterprise security scanning tools (Tenable Products, Open-Source Scanning, SAST/DAST, etc.).
- Provide recommendations on remediating host-based and web application vulnerabilities.
- Conduct manual validation to confirm vulnerability closure.
- Perform analysis to validate justifications for false positives, operational requirements, and risk adjustments.
- Provide recommendations to optimize processes and procedures related to enterprise security scanning tools.
- Serve as a subject matter expert for vulnerability management issue resolution.
- Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise – technical and non-technical resources.
- Provide periodic reports detailing scan success, remediation efforts, and vulnerability trends
What You'll Need:
- 3+ years of experience using a vulnerability assessment tool to configure and run scans
- Full understanding of the vulnerability management lifecycle and good practices around patch management
- Familiarity with vulnerability management frameworks and concepts such as CVE, and CVSS
- Ability to manually validate results identified by automated security assessment solutions
- Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
- 3+ years performing web application scanning and reviewing results
- Demonstrated knowledge in the planning, development, coordination, implementation, and execution of a vulnerability management program
- In-depth knowledge of policies, procedures, development, and implementation of vulnerability identification, scanning, analysis, remediation tactics, and reporting within an organization
- Experience creating system inventories, boundary diagrams, and plans of actions and milestones (POA&M)
- Experience with common CI/CD and software deployment automation tools
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems, Linux Operating Systems
- Strong sense of ownership, urgency, and drive
- Knowledge of AWS (Amazon Web Services), GPC (Google Private Cloud), Azure, or other cloud platforms and related technologies is desired
- Familiarity with configuration baseline standards such as CIS & STIG
- Ability to perform well with minimal supervision
- Self-motivated while demonstrating a passion for Cybersecurity
- BS. or above in related Information Technology field or an equivalent combination of education and experience
- Security+, CEH, OSCP, GIAC GCIH or other Infosec certifications is a plus
If you've reached this point in the job description and feel you're still not sure if you should apply…Just do it! We know there are no perfect applicants. You may not have 100% of all those bullets listed above - and that's okay. If you're feeling like you're not going to fit in with our teams - that's not ok. We're One Tenable which means however you identify and whatever background you bring with you, we encourage you to submit an application if it's a role you can be passionate about doing every day.