About Your Day:
You will lead and grow our Product Security and Threat and Vulnerability Management teams. You’ll design our approach to application security as well as manage risks from internal and external threats to 2U. Most days you’ll work with your fellow team members as well as stakeholders across 2U to develop plans to mitigate threats and vulnerabilities. You’ll also help stakeholders who own vulnerable systems or software understand the risk and find the most appropriate solution for the threat. Keeping a constant pulse on threats that may face 2U, you’ll provide timely data to business owners on an appropriate cadence to enable proper management of those risks. You’ll also manage threat and vulnerability assessments in coordination with 2U’s compliance team. This role reports directly to the VP, Cybersecurity.
- 10 years of relevant application security, threat and vulnerability management and cybersecurity experience.
- Strong experience managing and building technical teams including remote employees.
- Strong background in software engineering and leading engineering teams.
- Experience in creating and managing budgets.
- Experience working closely with development teams to develop a Secure Software Development Life Cycle.
- Knowledge of industry certification, audit standards and cyber risk management.
- Experience developing KPIs and SLAs that result in action.
- Experience building and managing threat and vulnerability workflows from discovery to remediation.
- Experience in Agile and DevOps environments.
- Strong comprehension of standards like CVE, CPE, CVSS.
- Develop and recommend remediation for vulnerabilities in conjunction with business and system stakeholders.
- Develop and deliver application security strategy.
- Develop metrics to report on the efficacy of the threat and vulnerability management program.
- Mature and optimize 2U’s processes and workflows for managing threats and vulnerabilities.
- Create and implement automation wherever possible.
- Lead and manage all aspects of threat and vulnerability management.
- Lead, manage and monitor patch management.
Technology you might have experience with:
- Static code analysis tools
- Continuous integration and continuous delivery tools
- Tenable Nessus, Rapid7 Nexpose
- Any of a number of threat data feeds
- Vulnerability management and compliance processes
- GRC tools (Archer, MetricStream, etc.)
Books you might own or have read:
- Agile Application Security: Enabling Security in a Continuous Delivery Pipeline
- Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations
- Threat Modeling: Designing for Security
- Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis
- Data-Driven Security: Analysis, Visualization and Dashboards
- Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
- NIST SP 800-40