Summary of Position:
The Vulnerability Management (VM) Specialist is a key member of the Information Security Department responsible for leading the remediation to externally and internally identified vulnerabilities impacting Crown Holding. This function is performed on a global scale and by collaborating with business and technical partners to resolve systematic vulnerabilities, notify and coordinate remediation efforts with various lines of business and key stakeholders.
This role has a major impact on security and reduction of risk to our company and customers.
Essential Functions:
• Technically administer vulnerability scanners and improve effectiveness and efficiency of the VM platform, process, and procedures
• Enhance VM process with risk-based remediation prioritization approach to address vulnerabilities
• Collaborate with IT and business teams to ensure prompt and effective distribution of vulnerability findings
• Manage remediation activities ensuring appropriate, timely and complete resolutions
• Develop effective metrics to help key stakeholders and business unit understand and lower their risk
• Create and maintain effective documentation of policies, processes, and procedures
• Apply published methodologies and enforce program standards
• Demonstrate ability to conduct cross functional meetings with various stakeholders and effect change
• Employee strong deductive reasoning, critical thinking, problem solving, and organizational skills
• MIS Degree or equivalent work experience and certifications in Information Systems
• 3+ years within Vulnerability Management or risk aligned role which required supporting enterprise vulnerability management and coordination
• Experience with vulnerability scanners and network analysis tools
• Experience working with Security Information Event Management (SIEM), Continuous Monitoring, Intrusion Detection/Prevention Systems (IDPS/PS), Network Traffic Analysis, Incident Response, Endpoint Security Systems, Digital Forensics, WLAN Monitoring and/or Threat Modeling
• Proficient knowledge and understanding of security systems, risks, concepts, and terminology
• Hands-on experience with security aspects of critical technologies (e.g., Azure, Windows, Linux, MVS, Web, LDAP, DBMS, Authentication, Authorization, DNS, Vulnerability Assessment tools).
• Basic scripting knowledge (PS, PERL, Python)
• Strong ability to diagnose and resolve security and system issues
Core Competencies:
• Natural passion for security and strong drive to see both projects and investigations to completion
• High level of personal integrity, and the ability to professionally handle confidential matters
• Have strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
• Functional technical knowledge of infrastructure, networking, architecture, security, and applications
• Ability to effectively collaborate with stakeholders across a global environment.
• Highly organized, capable of understanding large amounts of data and identifying significant risks
• Advanced problem solving and problem-solving skills.