Senior Security Engineer- Vulnerability Management

We are seeking a permanent full-time position Senior Security Engineer- Vulnerability Management

to ensure that cybersecurity is a consideration in the development, operation, and use of all

PrismHR products and processes. This position plays a key role in guiding partners and stakeholders through the processes that address risk from known and emerging cyber threats; while also assisting in maintaining compliance with different cybersecurity frameworks. This position will work closely with the PrismHR cybersecurity team that protects and secures PrismHR business and products. Cybersecurity is key to ensuring and enabling the success of PrismHR; as well as the businesses that rely upon PrismHR's platforms and products.

Responsibilities

• Analyze Application and supporting infrastructure to identify, mitigate, track, and remediate identified vulnerabilities.

• Make recommendations regarding the cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).

• Manage and maintain vulnerability tooling and vulnerability managed service(s) to realize secure application CI/CD pipeline.

• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

• Collaborate with Cyber Defense resources, Infrastructure teams, and Application/Product leads to manage and provide prioritized information to stakeholders.

• Perform system management on specialized cyber defense applications and systems to include installation, configuration, maintenance, backup, and restoration.

• Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.

• Assist in assessing the impact of implementing and sustaining cyber defense posture.

• Assess and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of various platforms.

• Identify potential conflicts with the implementation of any cyber defense tools (e.g., tool and signature testing and optimization).

• Prepare reports that identify technical and/or procedural findings, which are accompanied with recommended remediation strategies/solutions.

Qualifications

• 5 to 7 years of experience in securing IT systems with 3 years of direct cybersecurity experience.

• 2 years of experience in securing or utilizing one of the major cloud platforms (Azure, AWS,and GCP) is desired.

• Recognize basic common coding flaws at a high level to support Application Security oversight.

• Expertise in security implications and ability to apply mitigation methodologies within centralized and decentralized environments across the enterprise's computer systems insoftware development

• In depth understanding of security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.

• Knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense processes and audits.

• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

• Strong communication skills to provide information and findings to stakeholders that will support the secure development of applications and deployment of infrastructure (onprem, cloud, and hybrid).

Desired Certifications:

• Certified Information Systems Security Professional (CISSP)
• SANS/GIAC Certification (Various)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)