Job Description: The Client is looking for a Sr. Vulnerability and Patch Engineer. Under general supervision, this position would be responsible for the creation, testing and deployment of patches for all assets in the network. Strong problem-solving skills, willingness to work independently and collaborate across business units is needed for this position. This role requires night and weekend work. Ability to collaborate with others. Candidates must be skilled in vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and reporting. Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support. Revise processes and procedures, metrics, and documentation that continue to improve the vulnerability management capability.
Qualifications/Experience:
Bachelor’s degree and/or some relevant work experience in vulnerability management, cyber security and system/network administration is preferred
Experience patching cloud environments (i.e. Azure, AWS, Google Cloud Platform) servers such as Windows, Linux, VM Ware.
Minimum of 5 years hands on experience with WSUS, SCCM, Intune, MDM
Minimum of 5 years designing and implementing complex IT solutions
Advanced knowledge of Windows 2008/2012/2016/Windows10.
Mid-level knowledge of network and firewall
Knowledge of Azure services
Knowledge of Active Directory, including policies, LDAP, SAML, federated Services
Knowledge of Office 365
Knowledge of Altiris is a plus.
Experience Scripting with PowerShell and Bash experience preferred
Analytical and problem-solving skills for troubleshooting are required
Hands experience with Nexpose Rapid 7
Expert using Excel, Word, PowerPoint
Familiarity with vulnerability management security tools (Nexpose, Qualys, Microsoft Advanced Threat Protection (MDATP), Tenable, Nessus etc.)
Familiarity with issue/ticket tracking systems (Jira, ServiceNow, etc)
Excellent oral and written communication skills are required
Validate proper mitigation controls are in place until remediation activities are complete.
Act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups
Ability to assess and articulate actual business risk.
Develop, document and maintain operation processes and procedures to conform with Enterprise Security Control Standards.
Provide leadership and direction on initiatives relating to information security and the Vulnerability Management Program.
Demonstrated understanding of infrastructure and cloud vulnerability scanning and configuration
Strong knowledge of security technologies and architecture. Knowledge of IDS/IPS, DNS, DCHP, DMZ architecture, Active Directory, Proxies, Cloud architecture technologies and VPNs to name a few.
Strong understanding of network services, vulnerabilities and attacks. Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in configuration of web servers, file servers, and workstations
Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
Configure deployment of scan appliances, creation of option profiles, scanning schedules around high-risk vulnerabilities
extensively with engineering teams to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.
You will support implementation and operations best practices while taking ownership of tasks and/or project work-streams, assist and perform analysis and diagnosis of issues related to technology configuration, setup, procedural and/or process challenges, and contribute to deliverables of the team
Candidates must be familiar with CVEs, CVSS, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best-practices
Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.