Vulnerability and Patch Engineer

Vulnerability and Patch Engineer

Vacancy expired!

Job Description:
The Client is looking for a Sr. Vulnerability and Patch Engineer. Under general supervision, this position would be responsible for the creation, testing and deployment of patches for all assets in the network. Strong problem-solving skills, willingness to work independently and collaborate across business units is needed for this position. This role requires night and weekend work. Ability to collaborate with others. Candidates must be skilled in vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and reporting. Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support. Revise processes and procedures, metrics, and documentation that continue to improve the vulnerability management capability.

Qualifications/Experience:

• Bachelor’s degree and/or some relevant work experience in vulnerability management, cyber security and system/network administration is preferred
• Experience patching cloud environments (i.e. Azure, AWS, Google Cloud Platform) servers such as Windows, Linux, VM Ware.
• Minimum of 5 years hands on experience with WSUS, SCCM, Intune, MDM
• Minimum of 5 years designing and implementing complex IT solutions
• Advanced knowledge of Windows 2008/2012/2016/Windows10.
• Mid-level knowledge of network and firewall
• Knowledge of Azure services
• Knowledge of Active Directory, including policies, LDAP, SAML, federated Services
• Knowledge of Office 365
• Knowledge of Altiris is a plus.
• Experience Scripting with PowerShell and Bash experience preferred
• Analytical and problem-solving skills for troubleshooting are required
• Hands experience with Nexpose Rapid 7
• Expert using Excel, Word, PowerPoint
• Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.)
• Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc)
• Excellent oral and written communication skills are required
• Validate proper mitigation controls are in place until remediation activities are complete.
• Act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups
• Ability to assess and articulate actual business risk.
• Develop, document and maintain operation processes and procedures to conform with Enterprise Security Control Standards.
• Provide leadership and direction on initiatives relating to information security and the Vulnerability Management Program.
• Demonstrated understanding of infrastructure and cloud vulnerability scanning and configuration

• Strong knowledge of security technologies and architecture. Knowledge of IDS/IPS, DNS, DCHP, DMZ architecture, Active Directory, Proxies, Cloud architecture technologies and VPNs to name a few.
• Strong understanding of network services, vulnerabilities and attacks. Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in configuration of web servers, file servers, and workstations
• Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
• Configure deployment of scan appliances, creation of option profiles, scanning schedules around high-risk vulnerabilities
• extensively with engineering teams to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.
• You will support implementation and operations best practices while taking ownership of tasks and/or project work-streams, assist and perform analysis and diagnosis of issues related to technology configuration, setup, procedural and/or process challenges, and contribute to deliverables of the team

• Candidates must be familiar with CVEs, CVSS, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best-practices

• Maintenance of all contacts and documentation.