Vulnerability Management Engineer
The Vulnerability Management Engineer will lead our PVG (Patch and Vulnerability Group) and penetration test initiatives, which focus on running a vulnerability management program to reduce exposure to known vulnerabilities in software and systems (Linux, Windows, AWS, open source, etc.) utilized by athenahealth. This role will be the main contact between the PVG and various stakeholders, acting in a consultative role with the ability to effectively communicate and make decisions.
Responsibilities include, but are not limited to:
- Utilize technical background to evaluate data (vulnerability scans, pentest results, etc.) to help the company understand risk and impact to athena
- Utilize strong verbal and written communication skills with a variety of stakeholders
- Coordinate with various business and IT stakeholders to understand risk, set prioritization and expectations for system/application owners who will remediate findings
- Develop a communication and reporting cadence for internal (employees, e.g. blog posts and talking points) and external (clients) audiences on the program profile and high-profile vulnerabilities as necessary
- Consult system administrator teams on developing and executing on patching cycles, hardening recommendations, risk assessment, mitigation techniques, remediation testing, etc.
- Scope testing activities with business owners and vendors as necessary
- Conduct meetings with various business owners
- Perform vendor and tool evaluation for things like network scanning and code analysis to determine the value they provide and whether they meet the needs of athena
- Report on relevant metrics for identification, ownership, and remediation
- Thoroughly document governance (policy/procedure) for the program as well as document assessments
Requirements
- Process-oriented and organized
- Working knowledge of offensive security principles and attacker methodologies
- Familiarity with vulnerability/cloud scanning tools such as Qualys or Tenable
- Experience with project and task management tools (such as JIRA) and GRC (such as Archer)
- Familiarity with HIPAA, HITRUST, PCI-DSS requirements
Background
- Linux and Windows systems administration
- Understanding of computer networking principles
- Vulnerability management
- Program/project management