Vulnerability Management Engineer
Share
Job Location:
Salary:
Posted on:
Vacancies:
Job Summary
Come join Deepwatchs team of world-class cybersecurity professionals and the brightest minds in the industry. If youre ready to challenge yourself with work that matters then this is the place for you. Were redefining cybersecurity as one of the fastest growing companies in the U.S. and we have a blast doing it!
Who We Are
Our core values drive everything we do at Deepwatch including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch every decision process and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values we create a culture of excellence that is dedicated to empowering our team members to explore their potential expand their skill sets and achieve their career aspirations which is supported by our unique annual professional development benefit.
Deepwatch recognition includes:
- and 2021 Great Place to Work Certified
- 2024 Military Times Best for Vets Employers
- 2024 US Department of Labor Hire Vets Gold Award
- 2024 Forbes Americas Best Startup Employers
- 2024 Cyber Defense Magazine Global Infosec Awards
- 2023 and 2022 Fortress Cybersecurity Award
- 2023 $180M Series C investment from Springcoast Capital Partners Splunk Ventures and Vista Credit Partners of Vista Equity Partners
- 2022 Cybersecurity Excellence Award for MDR
Vulnerability Management Engineer
Hybrid Tampa FL
Reporting to the Senior Manager Platform Security Services the Vulnerability Management Engineer will be responsible for overseeing the operation of vulnerability assessments for assigned customers implement and oversee scanning technologies to discover prioritize security flaws for remediation and collaborate with system/application owners to facilitate the remediation and closure of vulnerabilities.
The Vulnerability Management Engineer will operationally integrate with the customers patch management activities and perform validation of applied and/or missing patches. Additionally they will perform security testing on pre-production systems and applications to close vulnerabilities prior to production deployment.
In this role youll get to own:
Vulnerability Lifecycle & Managed Services
- Deliver vulnerability management as a service overseeing multiple workstreams while meeting specific service-level (SLA) commitments.
- Manage the full remediation lifecycle by collaborating with infrastructure and application owners on security hot-fixes and patch validation.
- Perform discovery and grouping of network-connected systems to ensure comprehensive scanning across networks OSs apps and databases.
- Conduct regular scans on both production and pre-production deployments to identify flaws before and after release.
- Create remediation reports and dashboards to track vulnerabilities and remediations
- Assist with attestation scan and compliance report
Risk Analysis & Technical Strategy
- Analyze vulnerabilities to filter false positives and prioritize remediation based on the actual risk of exploitation.
- Develop remediation action plans and generate tickets for system owners to address identified flaws.
- Speak in-depth on hardening guidelines (NIST CIS) and implement mitigation factors (Firewalls IDS/IPS) to reduce risk when patching isnt immediate.
- Analyze new technologies zero-day threats and reviews of new technology released by supported vendors to provide mitigation strategies.
Operations Mentorship & Documentation
- Develop and document Standard Operating Procedures (SOPs) and assist in maintaining automation and scripting tools.
- Support cyber incident response teams with vulnerability discovery and identification during crisis management.
- Mentor coach and train other team members while producing educational content like blog posts and vulnerability summary sheets for customers.
- Handle customer escalations regarding technology or remediation issues to ensure successful service delivery.
To be successful in this role youll need to:
- Demonstrate strong customer service and communication skills both oral and written with the ability to build relationships at all levels
- Possess experience and demonstrated success developing and managing an organizational vulnerability management program
- Demonstrate fundamental knowledge of network vulnerability scanning technologies
- Demonstrate an understanding of Web Application Security vulnerabilities and mitigating defenses
- Possess experience with vulnerability remediation management and patching
- Have knowledge of vulnerability management best practices from NIST ISO PCI OWASP and CIS
- Possess experience in deploying and operating vulnerability scanning infrastructure services and solutions
- Leverage fundamental technical skills in the following areas:
- Active Directory
- Windows
- Linux
- Networking
- Are proficient in the use of data manipulation dashboard and reporting tools
- Have earned industry recognized certifications such as GEVA CISSP CISM GPEN GIAC CISA etc.
- Possess security consulting or managed services experience
Statutory Pay Disclosure:
The anticipated salary range for this role is $11500 - $130000 stock options benefits. Actual compensation may vary from posted hiring range based upon geographic location work experience education and/or skill level.
ITAR Compliance
This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application candidates will be asked to confirm that they are a U.S. Person as defined by the following:
- A citizen of the U.S.;
- A lawful permanent resident of the United States;
- A person admitted to the United States as a refugee; or
- A person that has been granted asylum by the United States government.
The intent of this requirement is not to verify employment eligibility overall but to ensure compliance with import/export regulations. If you do not meet these requirements we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.
What We Offer:
Deepwatch is excited to provide benefits designed to support team members and their families. Including:
- Medical dental vision and disability insurance
- Flexible Time Off (FTO) 12 company holidays sick leave and 8-Weeks Paid Parental Leave
- Unique professional development benefits with Annual development dollars to support our people growth and development
- Wellness contests and monthly educational programs
- 401(K) retirement program
- Learn more here: Deepwatch Benefits
We know theconfidence gapandimposter syndrome can get in the way of meeting spectacular candidates so please dont hesitate to apply wed love to hear from you. Please review our DEI Statement here.
- Be interested in and able to work remotely from a home office when not at a corporate office
- Pass a pre-employment background check in accordance with applicable laws
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race color religion sex national origin age disability status marital status sexual orientation gender identity genetic information protected veteran status or any other characteristic protected by compliance with federal law all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
By submitting your application you agree that Deepwatch may collect your personal data for recruiting global organization planning and related purposes. The Deepwatch Privacy Policy explains what personal information we may process where we may process your personal information our purposes for processing your personal information and the rights you can exercise over Deepwatchs use of your personal information.
Required Experience:
IC
Key Skills
- Network security
- SQL
- Active Directory
- Information Technology
- Protocols
- Tcp/IP
- BGP
- Routers
- Infrastructure
- Linux
- Internet
- Juniper
- DoD
- hardware
- Technical Support
About Company
The Leading Managed Security Platform for the Cyber Resilient Enterpriseā¢, providing advanced threat detection & response capabilities backed by experts.
