Principal Systems/Security Vulnerability Management Leadis required to address the rapid growth of Nuance's cloud services infrastructure. An experienced, security-conscious Systems/Security Vulnerability Management Lead is required to plan, lead and implement vulnerability management activities. This position is essential to enable the growth and security of our global infrastructure.
Prinicipal Duties and Responsibilities:
- End-to-end Vulnerability Management: Analyze findings, improve the program, identify false positives, prepare patches and fixes, apply fixes
- Owning Vulnerability Management across Development, Platform, and Networking teams
- Engineer secure computing infrastructure solutions to satisfy our Vulnerability Management Program’s objectives across all Nuance Enterprise product lines.
- Research, identify and implement best security practices for all systems and service deployments.
- Monitor common vulnerability exposure databases (CVE) and identify vulnerabilities to prevent exposure to all known and potential threats.
- Research and analysis of vulnerabilities, identify relevant threats, and recommend corrective actions based on summarized reporting results.
- Develop methods for addressing vulnerabilities include system patching, deployment of specialized controls, infrastructure changes, and changes in deployment processes.
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners teams.
- Participate in the development and deployment of security tools and security processes to enhance deployment productivity and efficiency.
- Determine, evaluate and maintain asset criticality for infrastructure scanning purposes
- Regular vulnerability scan report and analytics generation (dashboard automation) from tools such as Rapid7 InsightVM/Nexpose and ASV
- Ensure adherence to Nuance security standards and policies, SLAs.
Education:Bachelor's degree or greater in Computer Science or related field; or equivalent experience
Minimum years of experience : 8+ years in designing, configuring, and remediating complex secured computing environments
- Systems engineering vulnerability management lead
- 7+ years in designing, configuring, and remediating complex secured computing environments
- Strong understanding of patching of: Windows, Linux, VMWare, web server such as Apache/Tomcat and other web application platforms
- Assist with building out CI/CD pipeline integration and vuln. scanning
- Demonstrated problem solving, capacity planning and process creation skills.
- Excellent leadership, interpersonal and communication skills.
- Demonstrated ability to work effectively in a fast-paced, changing environment.
- Attention to detail with methodical problem-solving approach.
- Excellent time management skills.
- Strong scripting experience in one’s preferred language of choice E.g. Python
- Security Certifications strongly desired (e.g. CISSP, CISA, CEH, OSCP, CCSP, Security+ Certifications)
- Experience with Rapid InsightVM or Tenable Nessus preferred
Key Attributes for success are:
- Positive attitude
- Entrepreneurial mindset within a corporate organization
- Team-oriented and having strong interpersonal skills