Product Security Incident Manager
5 - 7 years experience • Information Services
The core responsibilities of this position are as follows:
· Manage queue of reported vulnerabilities to ensure communications are promptly addressed, catalogued and internally distributed to appropriate internal stakeholders.
· Validate, research, and prioritize/escalate findings as appropriate before circulation.
· Manage each reported vulnerability and its status until resolution.
· Partner withother teams in the security organization to manage communications and status reporting.
· Attend technical calls with internal or external parties regarding reported vulnerabilities.
· Document all information including the mitigation and remediation of reported vulnerabilities.
Skill and Abilities
· Experience with vulnerability management
· Experience with incident response methodology in investigations and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
· Knowledge of systems administration (*nix/Windows), networkengineering, and securityengineering
o Must be comfortable at the command line of a UNIX-like OS
o Intermediate level understanding of cloud/vm, automation, and devops technology
o Ability to use tools to process large text files
· Knowledge of product development lifecycles
· Familiarity with responsible disclosure practices
· Ability to work withother technical security and development teams to remediate vulnerabilities
· Experience with penetration testing and/or systems auditing
o Knowledge of OWASP top 10, referring to NVD/CVE, CVSS Scoring
o Intermediate level understanding of validation tools and methodologies (port scanners, etc).
o Intermediate level understanding of common vulnerabilities in large/agile environments.
· Experience with software development methodologies and the software used within large/agile environments
· Project Management experience or PMP certification
· Knowledge of networking concepts and analysis tools and operating systems, software, and security controls
· Ability to perform independent research and report on findings
· Ability to be a self-starter, quick learner, and detail oriented
· Ability to perform analysis with strict attention to detail and display solution orientation to learn and adapt quickly
· Possession of excellent oral and written communication skills, including communicating effectively under normal and stressful situations
Years’ Experience Requires 5+ years related experience.