Senior Security Specialist

Job Description

City:Burbank, CA/ Orlando, FL/ Seattle, WA/ New York, NY/ Bristol, CT

Onsite/ Hybrid/ Remote:4 days a week onsite

Duration:12 months

Rate Range:$69 to $78/hr inW2dependingon experience (no C2C or 1099 or sub-contract)

Work Authorization:US Citizens or GC candidates only

INTAKE NOTES:

-Needs someone customer service focused with an Information Security Program

Working with a team of 11 people

-Going through vulnerability results

-Reporting validation to ensure vulnerability is valid

-Validation after remediation

Program Support: Enable execution of vulnerability management program through meeting facilitation, activity measurement, partner engagement, and program education

Vulnerability Validation: Validate remediation for prioritized vulnerabilities, verify false positives, remediation barrier analysis and facilitate problem-solving

Continuous Improvement: Identify and execute on improvement and expansion opportunities for enterprise vulnerability management services

Reporting: Vulnerability management program effectiveness and efficiency and perform targeted historical analysis

CISSP Certified Information Systems Security Professional-preferred but not required

Requirements

Job Description:

The Global Information Security (GIS) group provides services and solutions to protect the value and use of clients information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando.

Basic Qualifications:

In order to ensure that our services keep secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes:

1. Analysis of known and emerging threats to determine risks against assets

2. Creation, maintenance, governance and communication of security policies and standards

3. Assessment and audit of compliance against the security policies and standards

4. Assurance that assets are effectively managed and monitored to meet security criteria

We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are

continuous learners, passionate about information security and love their work.

Manage end-to-end Enterprise Vulnerability Management (EVM) process with a focus on the segment

Monitor and track results of vulnerability detection tooling and research remediation actions

Validate in place mitigations for effectiveness for risk reduction

Act as Change Manager per segment process to ensure mitigation/remediation actions are tested, validated, and approved per business process

Perform hands on validation through manual testing techniques

Author scripts to perform automated vulnerability validation to ensure that remediation resources are priotized effectively

Analyze and understand segment capabilities and ensure that minimum vulnerability controls are adhered to in the most efficient manner

Perform data analysis of vulnerability tooling output to determine where to focus remediation resources

Prepare weekly vulnerability reporting and meet with asset owners to prioritize remediation resources

Ensure the accuracy/completeness of Segment data in appropriate systems of record

Coordinate EVM remediation actions across multiple Asset Owners, operating systems, applications, technologies, and Business Units / Segments

Operate as liaison between segment Asset Owners and Management for extension and exception requests

Coordinate Continual Service Improvement efforts by analyzing trends of non-compliance, determine root cause analysis and influence corrective actions

Coordinate critical vulnerability patch process

Assist in off-cycle remediation efforts (e.g. PCI penetration test remediation)

Communicate process changes or improvements to responsible areas of the business segment

Partner with suppliers, support groups, and Asset Owners to review and establish expectations with handling vulnerability remediation actions, process awareness, process training, and performance of respective segment

Report on effectiveness and non-compliance in regards to program and remediation efforts

Proactivly brief segment security leadership on risk and escalate when necessary

Project management of segment vulnerability management projects

Validate vulnerabilities remediated through manual testing, including verification of ability to verify false positives

Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and recommend corrective measures

Support execution of segment vulnerability management program through meeting facilitation, activity measurement, customer engagement, and program education

Identify and execute on continuous improvement and expansion opportunities for segment vulnerability management services

Perform data analysis of diverse and historical data sets in support of vulnerability management project and program decisions

Evangelize the vulnerability management program and facilitate customer collaboration for program improvement

Foster and enhance segment relationships by establishing a robust Segment Community of Practice program to keep partners engaged and on track for success

Preferred Qualifications:

An understanding of systems and related interfaces to assess proposed system remediation actions and weigh potential impact to applications

A background in information security disciplines and vulnerability management

Broad knowledge of infrastructure, operating system, public cloud hosting services, and application technologies

Ability to quickly perform in-depth analysis across diverse technologies implemented in a complex environment

Familiarity with writing and publishing information security advisories

Job Description: The Global Information Security (GIS) group provides services and solutions to protect the value and use of client's information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives. GIS teams are located in Seattle, Burbank, and Orlando. Basic Qualifications: In order to ensure that our services keep secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology. This process includes: 1. Analysis of known and emerging threats to determine risks against assets 2. Creation, maintenance, governance and communication of security policies and standards 3. Assessment and audit of compliance against the security policies and standards 4. Assurance that assets are effectively managed and monitored to meet security criteria We look add people to our team who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work. Manage end-to-end Enterprise Vulnerability Management (EVM) process with a focus on the segment Monitor and track results of vulnerability detection tooling and research remediation actions Validate in place mitigations for effectiveness for risk reduction Act as Change Manager per segment process to ensure mitigation/remediation actions are tested, validated, and approved per business process Perform hands on validation through manual testing techniques Author scripts to perform automated vulnerability validation to ensure that remediation resources are priotized effectively Analyze and understand segment capabilities and ensure that minimum vulnerability controls are adhered to in the most efficient manner Perform data analysis of vulnerability tooling output to determine where to focus remediation resources Prepare weekly vulnerability reporting and meet with asset owners to prioritize remediation resources Ensure the accuracy/completeness of Segment data in appropriate systems of record Coordinate EVM remediation actions across multiple Asset Owners, operating systems, applications, technologies, and Business Units / Segments Operate as liaison between segment Asset Owners and Management for extension and exception requests Coordinate Continual Service Improvement efforts by analyzing trends of non-compliance, determine root cause analysis and influence corrective actions Coordinate critical vulnerability patch process Assist in off-cycle remediation efforts (e.g. PCI penetration test remediation) Communicate process changes or improvements to responsible areas of the business segment Partner with suppliers, support groups, and Asset Owners to review and establish expectations with handling vulnerability remediation actions, process awareness, process training, and performance of respective segment Report on effectiveness and non-compliance in regards to program and remediation efforts Proactivly brief segment security leadership on risk and escalate when necessary Project management of segment vulnerability management projects Validate vulnerabilities remediated through manual testing, including verification of ability to verify false positives Perform barrier analysis on vulnerability remediation and work with Information Security and Operations teams to identify and recommend corrective measures Support execution of segment vulnerability management program through meeting facilitation, activity measurement, customer engagement, and program education Identify and execute on continuous improvement and expansion opportunities for segment vulnerability management services Perform data analysis of diverse and historical data sets in support of vulnerability management project and program decisions Evangelize the vulnerability management program and facilitate customer collaboration for program improvement Foster and enhance segment relationships by establishing a robust Segment Community of Practice program to keep partners engaged and on track for success Preferred Qualifications: An understanding of systems and related interfaces to assess proposed system remediation actions and weigh potential impact to applications A background in information security disciplines and vulnerability management Broad knowledge of infrastructure, operating system, public cloud hosting services, and application technologies Ability to quickly perform in-depth analysis across diverse technologies implemented in a complex environment Familiarity with writing and publishing information security advisories