We are currently lookin for a Vulnerability Management Engineer, to be a key member of the Information Security team. You’ll identify vulnerabilities via scanning and/or direct integration with native Cloud vulnerability tools, validate findings, prioritize within the context of our environment, assign to the correct owner (primarily focused on production environments, engineering, and to a lesser extent IT), and follow up on status. You’ll use your expertise and creativity to establish a process that is as automated as possible, while also recognizing sometimes you just need to roll up your sleeves and do the manual data analysis, reporting, and vulnerability assignments when required.

Key Responsibilities:

• Own vulnerability scanning and management across traditional infrastructure and cloud environments (GCP and AWS primarily)
• Partner with Compliance to deliver required evidence and to ensure appropriate levels of scanning occur (PCI-DSS, etc.)
• Triage, validate, and prioritize found vulnerabilities based on not only severity of vulnerabilities according to industry standards, but also in relation to your knowledge of the Five9 computing environments
• Be a trusted advisor to stakeholders who may need explanation and consultation regarding details around vulnerabilities, prioritization, and remediation plans
• Ensure scanning is completed within very strict and tight maintenance windows across multiple production environments
• Using Jira, provide dashboards and reporting on progress of assigned vulnerabilities. You are not responsible for remediation, but are responsible to report out on status of open items to raise visibility across the organization

Key Qualifications:

• The ability to sift through large data to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools
• A strong background contributing to or running a vulnerability management program 
• An understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices
• Deep knowledge of vulnerability and/or configuration management scan tools, specifically Rapid7 and Qualys
• To have scanned AWS, Azure, and Google Cloud platforms
• Familiarity with infrastructure vulnerabilities and risk assessments
• Strong interpersonal skills (written and oral communication)
• Experience with remote collaboration
• The ability to articulate complex issues to executives and internal customers
• To be adaptable to evolving situations 

Experience with any of the following is a plus:

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle
• You have leveraged cloud native vulnerability scanning tools such as AWS Inspector as part of your vulnerable management program experience
• Ability to automate, integrate, and script tasks using your preferred language
• Ability to work with and write scripts against common web APIs

#LI-Remote
#LI-RN1