MINDBODY is looking to hire a talented, self-directed individual to join our NOC team as a Vulnerability Remediation Engineer. The candidate will be responsible for analyzing previously-identified vulnerabilities, then prioritizing and implementing remediations in order to continually improve security. Vulnerabilities are from various environments and identified by equally various tools, teams, and methodologies.
The engineer will work with development and QA teams covering diverse technologies and applications to verify that the changes do not impact the functionality of their application. It is critical that this individual apply and follow a process-driven approach, but equally important that they must be able to interact with multiple levels of leadership and build positive, collaborative working relationships. The position will require working with varied backgrounds, both technical and non-technical, and they will be interacting with broad scopes of work and technical standards that will require explanation of how their proposed remediations and their environments will interact.
Success will require a broad technical knowledge that will enable the selected candidate to understand vulnerabilities, their exposure techniques and compensating controls across the full stack of technologies. The ability to communicate clearly and directly using both verbal and written communication is required. The candidate should be able to translate and explain technical concepts from one tech discipline (e.g. networking, virtualization, cloud resources) into other tech disciplines. This role reports to our Sr. Manager, Enterprise Operation Center.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Review vulnerabilities discovered by internal and external tools, penetration testing, and other sources
Analyze vulnerabilities and propose resolutions to various IT operations, security, and risk teams
Plan, manage, and execute projects to remediate vulnerabilities as necessary
Create/update documentation to reflect procedures to prevent or remediate vulnerabilities as detected and resolved
Respond to requests from internal and external compliance, risk, and security teams
Review existing processes and recommend changes or institute new processes as necessary, including the areas of creating/deploying new resources, programs, etc.
Report progress on ongoing/long-term vulnerability resolutions and related projects to various levels of technical and non-technical stakeholders
Communicate requests to IT security and risk teams, with evidence of false positives or requirements of exceptions
Monitor ongoing status/percentage of remediation and advise on trends, forecasts, and make recommendations to address
Ensure adherence to standards, policies, and procedures. This includes maintaining compliance standards within our defined scope for all vulnerabilities
All other duties as assigned
Bachelor's degree in Computer Science or related technical field, or equivalent practical experience. or equivalent practical experience.
2-4 years' experience in a systems administration role (preferably Windows) or equivalent
1-2 years' exposure to administering/engineering Linux servers
2-3 years' experience with Active Directory and constituent services (DNS, Group Policy, AD LDS, etc.)
Expertise in problem solving and analyzing global scale distributed systems.
Familiar with Agile methodology
Strong sense of ownership and teamwork across various technical disciplines
Strong written and verbal communication skills
Positive and professional attitude, with strong attention to detail
NICE TO HAVE:
1-2 years exposure to AWS and Azure PaaS/IaaS and related resources
MCSA in Windows Server, MCSE: Server Infrastructure, or Microsoft Certified: Azure Administrator Associate certification
CEH, ITIL, or other IT risk management/compliance certifications
Experience in compliance and other IT remediation projects
Experience with WSUS, SCCM, Ansible, or other patch management/software deployment systems.