In this role, the candidate will collaborate with technology and business personnel in the areas of Bot Mitigation, Vulnerability Management, and Minimum Security Baselines. The candidate must be able to reliably achieve program objectives, address uncertainty, and act with integrity. The candidate will be a subject matter expert as it relates to the awareness of vulnerabilities and threats and how they affect the company environment. The candidate should have advanced, in-depth knowledge of information security governance, risk, vulnerability management lifecycle, vulnerability management remediation, minimum security baselines, and the ability to apply these concepts within their work environment. Specific experience with bot mitigation solutions and concepts is also required.
- Support technology compliance through management of vulnerability management platform
- Coordinate the remediation of vulnerabilities through stakeholder reporting and engagement of technology owners
- Creation and on-going management of minimum security baselines, security metrics and key performance indicators (KPIs)
- Truly understand the potential types of attack and protection/mitigation for digital online client facing systems (such as DDos, Bot, WAF, password policies end etc.)
- Ability to write scripts using bash, PowerShell, Python, Perl, etc.
- Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST).
- Experience working within an SDLC for large and complex development teams with a focus on DevOps practices
- Experience in IT security triaging incidents with security and analysis tools such as web application firewall, bot management, SIEM
- Vulnerability Management Platform experience
- Partner with business and IT teammates as a trusted advisor on information security governance, risk, and compliance matters as required
- Bachelor's Degree or equivalent experience
- 5-7 years of experience
- CISA (preferred not required)
- CISSP (preferred not required)
- CRISC (preferred not required)