Job Description
This position is for our large software client that specializes in offering secure cloud solutions with their SaaS products.
This role serves as a "hands-on" senior-level security development engineer who will be responsible for interfacing with security engineering, operations, security and SAP build teams. This individual will assist the GRC (Governance, Risk, Control) Assurance and SOC Vulnerability Management teams with the initial triage of vulnerabilities, using knowledge and experience to produce actionable items for operations, or as necessary, and be the point for escalations to the Cloud Build teams. This individual will review other team members' responses and take them into consideration for the final list. Additionally, this individual will support the various assessments/audits by participating in interviews and managing operations and engineering escalations in support of assessment and audit activities. This can include, but is not limited to, providing assistance and guidance on how the security controls are being addressed through automation, configuration or build, as well as gathering evidence for the assessors. As required, this individual will also shepherd vulnerabilities and/or findings through the remediation process.
Skills required:
- Experience with best practice identification and response to operating system and web application vulnerabilities, such as patching or otherwise mitigating known security issues.
- Ability to communicate complex security vulnerabilities to various audiences ranging in technical knowledge.
- Experience with scanning tools including Nessus, WebInspect and/or container scanners such as Clair, Trivy, Grype.
- Exposure to information security standards such as DISA STIGs or CIS.
- Previous work with immutable image deployments/architecture.
- Experience leading efforts across multiple groups and security boundaries toward common goals.
- Ability to debug and optimize code and automate routine tasks.
- Systematic problem-solving approach coupled with strong communication skills and a sense of ownership and drive
Day to day duties:
- Responsible for reviewing vulnerability data from multiple sources (external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and a changing environment, including infrastructure and applications, to determine the risk rating of vulnerabilities to business assets.
- Work closely with our Security Operations and Governance, Risk and Compliance teams to maintain compliance that meets or exceeds required standards.
- Participate in improving and automating the existing vulnerability management lifecycle, including but not limited to data ingestion and normalization, compliance metrics, and detections on assets.
- Assist in partnering with tools and technology teams to troubleshoot, develop, select, implement, and automate appropriate security solutions to keep system data protected from internal and external threats.
- Scale systems sustainably through mechanisms like automation and evolve systems by pushing for changes in reliability, security, and velocity.
- Review web, operating system and container scans in conjunction with Splunk reports for status and remediation of vulnerabilities within NS2's various environments.
- Interface with the various NS2 and SAP teams to effectively communicate the risks of identified vulnerabilities and make recommendations to mitigate identified risks.
- Stay current with vulnerability information across all the products in the SAP NS2 environments.
- Provide technical support for vulnerability management and continuous monitoring projects.
- Provide analysis and validation post-remediation, and identify opportunities for improvement, applying out-of-the-box thinking to optimizations and solving roadblocks.
- Assist in ensuring scan results are presented in appropriate dashboards and reports, and forwarded to other data systems as necessary.
- Participate in the initial triage of vulnerabilities to produce actionable items for Vulnerability Management Teams and Operations Teams and, if necessary, escalate findings to the SAP parent company.
- Assign and track vulnerability findings to appropriate teams via NS2 ticketing systems. For escalation, the SAP ticketing systems will be utilized.
- Participate in various assessment and certification processes via interviews and evidence collection.
- Work with Sovereign Cloud engineering teams to meet federal, state and local regulations and compliance requirements.
Required Skills & Experience
- 4+ years of Systems Security or Cyber security experience
- 2+ years of experience with Nessus and Tenable for vulnerability scanning
- Experience with STIGs and SRGs (Security Requirements Guides)
- Experience with vulnerability management and the risk management framework
- 1-2 years of experience working with cloud platforms, AWS, GCP, or Azure
Nice to Have Skills & Experience
- Experience working within Splunk Enterprise Security for investigations
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.