Primary Function:The Principal Vulnerability Management Analyst serves as the program owner for vulnerability management, overseeing all aspects of vulnerability assessment, remediation, and reporting. This role is pivotal in ensuring Newrez's security posture remains robust and resilient against threats. Proficiency in Security Architecture, Engineering, and Operations across hybrid environments is crucial, encompassing both on-premises and Azure cloud infrastructures. Candidates' primary responsibility includes designing, implementing, and optimizing vulnerability management solutions, with a specialized focus on Qualys VMDR integration and comprehensive reporting for effective risk mitigation.
Principal Duties:- Lead the design and implementation of vulnerability management solutions across multiple business units in hybrid environments.
- Develop and maintain a comprehensive Vulnerability Management Program, emphasizing core capabilities and leveraging Qualys VMDR product offerings.
- Identify and evaluate vulnerability management solutions suitable for on-premises and cloud environments.
- Establish vulnerability management reference architecture across hybrid infrastructures, ensuring alignment with industry standards and best practices.
- Conduct regular vulnerability assessment scans and prioritize remediation efforts based on risk analysis.
- Continuously improve key risk indicators (KRI) related to vulnerability management that is aligned with Rithm's risk tolerance.
- Coordinate with system owners and stakeholders to remediate identified vulnerabilities promptly.
- Develop and implement processes for tracking and monitoring vulnerability remediation progress.
- Generate and distribute vulnerability assessment reports to relevant stakeholders, including executive leadership.
- Collaborate with IT teams to integrate vulnerability management solutions into existing systems and workflows.
- Ensure compliance with relevant industry standards and regulations.
- Stay up to date with the latest security vulnerabilities, exploits, and threat intelligence to enhance the effectiveness of vulnerability management practices.
- Provide guidance and training to IT staff on vulnerability management best practices and procedures.
- Oversee the integration of vulnerability management processes across multiple business units resulting from mergers and acquisitions.
- Perform related duties as assigned by management.
Education and Experience:Required education and experience. Examples below.- Bachelor's degree in computer science, engineering, or another relevant discipline.
- 7+ years of progressive experience in Cyber Security.
- Experience in vulnerability management, with exposure to hybrid on-premises and Azure environments.
- Experience with Qualys VMDR or similar vulnerability management platforms preferred.
Knowledge, Skills, and Abilities:Required knowledge, skills, and ability. Examples below.- In-depth knowledge of vulnerability management processes and best practices.
- Strong understanding of security technologies applicable to hybrid environments.
- Experience with vulnerability assessment tools, specifically Qualys.
- Familiarity with industry frameworks related to vulnerability management (e.g., CVE, CVSS).
- Excellent analytical and problem-solving skills.
- Persuasive communication and collaboration skills.
- Relevant certifications (e.g., CISSP, CEH, Qualys Certified Specialist) are a plus.
- Ability to adapt to changing technologies and environments.
*These essential functions are fundamental to the role, and must be performed on-site, as they cannot physically be performed remotely. In addition, the Company has determined that an in-person presence is important to critical components of our work, including oversight, training, collaboration, and productivity. Items not marked (*) as essential on-site, may still require partial on-site work to perform the role satisfactorily.
While this description is intended to be an accurate reflection of the position's requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.
By applying to this position candidate acknowledges that this is not a remote role and is required to be on-site.Additional Information:
While this description is intended to be an accurate reflection of the position's requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.
All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Microsoft Authenticator. Employment will be contingent on this requirement.
Company Benefits:
We offer benefits, programs, and perks that support you in every aspect of your life.
- Medical, dental, and vision insurance
- Health Savings Account with employer contribution
- 401(k) Retirement plan with employer match
- Paid Maternity Leave/Parental Bonding Leave/Caregiver Leave
- Adoption Assistance
- Tuition & Certification reimbursement
- Employee Mortgage Loan Program
- The Newrez Employee Emergency and Disaster Fund is a program to support our team members experiencing hardships
Newrez NOW:
Through Newrez NOW, our Corporate Social Responsibility program, you'll have opportunities to give back, lead, and make a difference.
- 1 company-paid Volunteer Time Off day (with over 40,000 volunteer hours contributed since our inception)
- Matching Gifts Program - dollar-for-dollar up to $1,000
- Access to grants, nonprofit resources, and volunteer opportunities
- More than $6,000,000 donated since 2020
- 1 in 5 employees participates in at least one Employee Resource Group (ERG)
