This position will be fully remote and can be hired anywhere in the continental U.S.

The Principal Vulnerability Management Engineer’s primary role is to build, implement, maintain, and support vulnerability management initiatives. The Engineer works with team members and system support personnel with issues related to vulnerability identification, remediation, and policy administration.

How you’ll make an impact

• Analyze and addressing security gaps for technologies within client infrastructure

• Identify distributed systems security issues as they arise and coordinate with the technology owners to ensure that issues are addressed and resolved in a timely basis

• Execute technical risk assessment activities for scoped environments

• Perform reporting of findings, issue resolution and management of findings

• Support client infrastructure assessments, audits and external exams

• Provide effective, accurate and timely reporting

• Participate in Information Security remote/table-top assessments

• Identify high/critical risk findings and lead risk findings to resolution

• Identify control deficiencies through gap analyses and identifying underlying root cause

• Designing, implementing, and collaborating on a range of information security metrics and performance reports

• Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies

• Analyze control results in an objective and quantifiable manner

• Produce detailed documentation of assessments and perform threat analysis of gaps identified

• Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks

• Validate evidence from vendors, before remediation plans are closed

What we’re looking for

• 7 years of administrating vulnerability management systems (Qualys, Rapid7, Tenable, Contrast, Prisma Cloud etc.)

• Exceptional critical thinking and problem solving skills

• Expert knowledge of vulnerability management lifecycle, including remediation

• Ability to analyze device and traffic logs, extensive knowledge of TCP/IP protocol stack

• Additional skills in identifying automation and remediation opportunities is desirable; identifying and developing processes to effectively and efficiently replace manual reporting or validation efforts

#LI-TW1

#LI-Remote

What you can expect from Optiv

• A company committed to our inclusive value through our Employee Resource Groups

• Work/life balance

• Professional training resources

• Creative problem-solving and the ability to tackle unique, complex projects

• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.

• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.

Analyze and addressing security gaps for technologies within client infrastructure. Identify distributed systems security issues as they arise and coordinate with the technology owners to ensure that issues are addressed and resolved in a timely basis. Execute technical risk assessment activities for scoped environments. Perform reporting of findings, issue resolution and management of findings. Support client infrastructure assessments, audits and external exams. Provide effective, accurate and timely reporting. Participate in Information Security remote/table-top assessments. Identify high/critical risk findings and lead risk findings to resolution. Identify control deficiencies through gap analyses and identifying underlying root cause. Designing, implementing, and collaborating on a range of information security metrics and performance reports. Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies. Analyze control results in an objective and quantifiable manner. Produce detailed documentation of assessments and perform threat analysis of gaps identified. Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks. Validate evidence from vendors, before remediation plans are closed What we’re looking for 7 years of administrating vulnerability management systems (Qualys, Rapid 7, Tenable, Contrast, Prisma Cloud etc.)Exceptional critical thinking and problem solving skills. Expert knowledge of vulnerability management lifecycle, including remediation Ability to analyze device and traffic logs, extensive knowledge of TCP/ IP protocol stack. Additional skills in identifying automation and remediation opportunities is desirable; identifying and developing processes to effectively and efficiently replace manual reporting or validation efforts#LI-TW 1#LI-Remote.

search terms: Management+Vulnerability