SecOps Lead

• Managing vulnerability testing tools, scheduling and creating scans, working with tech teams to remediate issues
• Lead a team of vulnerability analysts and coordinate with managed security service providers
• Report on vulnerabilities and the overall health of the vulnerability management program
• Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation
• Working with clients to resolve public facing vulnerabilities in our applications and associated infrastructure
• Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary
• Create metrics for management reporting
• Coordinate with internal and external auditors
• Coordinate Security RFP responses
• Maintain document repository and audit book
• Monitor for new vulnerabilities (US-CERT, NVD, CVE, Twitter)
• Maintains monthly status reports for RFPs/Vulnerabilities/Security Training
• Maintains ticketing system
• Tracks and coordinates SecOps projects
• Develop and maintain a calendar for the above activities
• Improve SecOps efficiency, maintain workflows and collaboration
• Participates in finding process improvement opportunities, provides solutions and participates in implementation of changes

• Familiarity with vulnerability assessment tools and manual testing practices for Applications and Systems (Qualys, InsightVM, Metasploit, Burpsuite, Veracode)
• 3+ years performing vulnerability management
• Ability to plan, organize, prioritize and independently solve problems seeking help when necessary
• Strong communication skills, very proactive and results oriented
• Knowledge of software development processes and concepts
• Understanding of OWASP, USCERT, NIST, ISO 27001/270002 a plus
• Ability to meet deadlines
• Proficient with Linux
• Proficient with Microsoft Office
• Ability to stay calm under pressure and the ability to set customer expectations and clearly follow through to meet them

Understanding of OWASP, USCERT, NIST, ISO 27001/270002

• Comprehensive medical coverage, with dental, vision and life insurance
• Competitive 401(k) plan with employer matching
• Unlimited flexible time off (FTO)
• World-class training that keeps you at the forefront of innovation