Home » Jobs » Vulnerability Management Specialist

Vulnerability Management Specialist

Summary of Position:
The Vulnerability Management (VM) Specialist is a key member of the Information Security Department responsible for leading the remediation to externally and internally identified vulnerabilities impacting Crown Holding. This function is performed on a global scale and by collaborating with business and technical partners to resolve systematic vulnerabilities, notify and coordinate remediation efforts with various lines of business and key stakeholders.
This role has a major impact on security and reduction of risk to our company and customers.
Essential Functions:
•    Technically administer vulnerability scanners and improve effectiveness and efficiency of the VM platform, process, and procedures
•    Enhance VM process with risk-based remediation prioritization approach to address vulnerabilities
•    Collaborate with IT and business teams to ensure prompt and effective distribution of vulnerability findings
•    Manage remediation activities ensuring appropriate, timely and complete resolutions
•    Develop effective metrics to help key stakeholders and business unit understand and lower their risk
•    Create and maintain effective documentation of policies, processes, and procedures
•    Apply published methodologies and enforce program standards
•    Demonstrate ability to conduct cross functional meetings with various stakeholders and effect change
•     Employee strong deductive reasoning, critical thinking, problem solving, and organizational skills

Job Requirements

•    MIS Degree or equivalent work experience and certifications in Information Systems
•    3+ years within Vulnerability Management or risk aligned role which required supporting enterprise vulnerability management and coordination
•    Experience with vulnerability scanners and network analysis tools
•    Experience working with Security Information Event Management (SIEM), Continuous Monitoring, Intrusion Detection/Prevention Systems (IDPS/PS), Network Traffic Analysis, Incident Response, Endpoint Security Systems, Digital Forensics, WLAN Monitoring and/or Threat Modeling
•    Proficient knowledge and understanding of security systems, risks, concepts, and terminology
•    Hands-on experience with security aspects of critical technologies (e.g., Azure, Windows, Linux, MVS, Web, LDAP, DBMS, Authentication, Authorization, DNS, Vulnerability Assessment tools).
•    Basic scripting knowledge (PS, PERL, Python)
•    Strong ability to diagnose and resolve security and system issues

Core Competencies:
•    Natural passion for security and strong drive to see both projects and investigations to completion
•    High level of personal integrity, and the ability to professionally handle confidential matters
•    Have strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
•    Functional technical knowledge of infrastructure, networking, architecture, security, and applications
•    Ability to effectively collaborate with stakeholders across a global environment.
•    Highly organized, capable of understanding large amounts of data and identifying significant risks
•    Advanced problem solving and problem-solving skills.

10 – 20%