
Cyber Security Risk Vulnerability Engineer

Evolver


San Francisco, CA
Full Time
Paid
  • Responsibilities

    Job Description

    EVOLVER IS SEEKING A CYBER SECURITY RISK VULNERABILITY ENGINEER TO JOIN OUR TEAM AND WORK IN SAN FRANCISCO, CA.

    The Cybersecurity Engineer will help develop the client's next-generation vulnerability management program, including formalized assessment criteria, integration with the asset inventory, enterprise vulnerability scanning, remediation tracking and governance.

    • Work with outside vendors to coordinate penetration tests, then review and interpret the findings for the various system owners.
    • Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and impact to the firm.
    • Leverage the client's inventory and patch management systems to provide reporting and governance on vulnerability impact and remediation progress.
    • Provide technical assistance on vulnerability remediation and serve as a subject matter expert on remediation as well as operating system, application and firmware patching, working in collaboration with IT staff and service owners.
    • Manage and maintain vulnerability scanners.
    • Research and evaluate threats and vulnerabilities to assist in prioritizing remediation actions.

    QUALIFICATIONS:

    • 8-10+ years of experience in information security or a related technology field required; experience in the securities or financial services industry is a plus.
    • Minimum four years of cyber security and vulnerability management or penetration testing techniques and validation of results.
    • Experience in deploying and operating vulnerability scanning infrastructure and services.
    • Strong foundational knowledge of computer hardware, network hardware and architecture.
    • Advanced knowledge of server and PC operating systems.
    • Public Key Infrastructure.
    • Data encryption/cryptography standards.
    • Strong knowledge of industry standards regarding vulnerability management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
    • Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security.
    • Strong verbal and written communication skills.
    • Experience with endpoint security management.
    • High-level expertise with the Windows operating system, including scripting and the ability to explain how vulnerabilities impact the system.
    • Ability to understand penetration test findings, impact and recommendations and translate them for a non-technical audience.
    • Ability to analyze a vulnerability finding, determine whether the vulnerability truly applies or is a false positive, and technically explain why it is a false positive.
    • Ability to assess risks related to vulnerabilities and recommend resolutions or risk-reduction mitigations.
    • Ability to collect and synthesize information into audit-worthy content and format. Attention to detail is a requirement.
    • A highly technical understanding of threats and vulnerabilities.
    • Optional: penetration testing experience, including in-depth knowledge of testing tools and techniques.

    TECHNICAL REQUIREMENTS:

    • Review the InfoSec Intake Form and security documentation, take part in vendor interviews and solution demonstrations, and evaluate and formulate the risk rating of the solution. Complete the risk matrix spreadsheet and a slide presentation of the solution's identified inherent risks, and present them to the requester in a "close out" results meeting.
    • Responsible for the Risk Register: collect risks from the InfoSec team (as well as other IT departments), determine the risk rating and assess key information prior to entering it into the register. Communicate risk details to the Technology Risk Management department and respond to any questions before the risks are reported to the Risk Management Working Group.
    • Various risk assessments and special projects: responsible for risk assessments of various lengths (short/long/ongoing) to determine risks for projects and solutions, and for creating presentations for the requestors and the business in a results meeting. Document risks in the risk register.
    • Application administrator: act as administrator for various security applications, including provisioning and de-provisioning accounts, adding and removing content, and working closely with the vendor on issues, new features and overall functionality.
    • Enhance and develop processes: responsible for enhancing current processes by streamlining, adding tools/applications, and/or integrations. Streamlining includes vendor/technology risk assessments and annual InfoSec top-tier vendor assessments. Incorporation of applications: RiskRecon into the vendor risk assessment process. Note: Vendor Portal/CyberGRX. Integrations: RiskRecon integration with RSA Archer.
    • Support the CISO: complete various tasks requested by the CISO, including but not limited to assisting with managing small projects, completing research for projects and solutions, creating slide presentations, and reviewing contracts and completing a security analysis of them.
    • Review security settings and determine the correct risk rating for each setting across various applications.
    • Create best practices and safe-use guidance for various applications and technologies.
    • Experience with and deep understanding of SOC 2 reports and security questionnaires (SIG).
    • Experience with and understanding of ISO 27001 certification.
    • RSA Archer experience highly desired.
    • NIST 800-30 experience desired.
    • Research skills regarding information security: keeping up to date with best practices, vulnerabilities, risks, etc.
    • Knowledge of or experience with RiskRecon, SecurityScorecard or similar solutions.
    • Knowledge of or experience with the FAIR model for risk assessments.

    TRAINING AND CERTIFICATIONS (a plus):

    • CISSP, CompTIA CASP/Security+, ISACA CISM

    Company Description

    At Evolver, a CSS Company, we foster teamwork, growth, individuality and entrepreneurialism. We value employee opinions and encourage them to make a difference by getting involved and being thought leaders. As part of the team, we actively promote a working and learning environment that supports a highly qualified workforce and a quality of work life based on trust and respect for all employees, resulting in a healthy and trusting organizational culture. Evolver, a Converged Security Solutions, Inc. company, is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, gender identity, disability or veteran status.

  • Industry
    Government Administration