Company Profile
A Fortune 500 company, CBRE is the global leader in real estate services and leverages the industry’s most powerful knowledge base to meet the commercial real estate needs of its clients worldwide. Our vision is to be the preeminent, vertically integrated, globally capable real estate service firm. Globally we employ over 80,000 employees and operate in over 60 countries.
The Team
Global Cyber Security Office – The Global CSO’s mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.
The Cybersecurity team is globally responsible for tracking security weaknesses and improvement as well as helping the company apply higher security standards. Presentation, interpretation and prioritization of the data are key for targeting improvement efforts.
Key Responsibilities
- Lead the review of security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities related to business assets
- Help lead meetings with business partners to ensure remediation efforts adhere to corporate standards and policies
- Perform comprehensive vulnerability assessments and continuous monitoring across the organization
- Maintaining familiarity with industry trends and security best practices as well as contributing to the information security team’s continuous improvement efforts
- Identify attack surface reduction opportunities via vulnerability data analysis, trends, and asset metadata review
- Work with other organizations such as Governance and Infrastructure to report on program status and coordinate risk tracking
- Produce visualizations of data to monitor developing trends/patterns and highlight areas of potential improvement
- Validates the vulnerabilities identified against the NIST Framework, National Vulnerability Database, MITRE ATT&CK and Security Best Practice standards such as CIS Benchmarks and vendor hardening standards
- Develop deliverable timelines and provide updates at regular cadence to the overall completeness of project efforts
- Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation
- Help identify and create metrics and KPIs (Key Performance Indicators) that could be tracked to measure the operational efficiency and engineer the respective remediation
- Create and maintain documentation of implemented solutions/systems including standard operating procedures
- Manage vulnerability related tickets to ensure issues are remediated within proper timelines
- Manage the onboarding of penetration tests, track to completion, and create metrics to demonstrate progress and maturity
- Experience preparing vulnerability data and reports for both technical and executive audiences
- Producing executive metrics and aging reports for managing an effective Vulnerability Management program
|
Required Knowledge and Skills:
- Advanced knowledge of the OSI model and security that is associated with each layer
- Experience in information security domain (vulnerability management and technical security standards compliance monitoring programs)
- Strong working knowledge of Linux/Unix and Windows operating systems
- Expert experience with vulnerability assessment solutions
- Strong technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
- Thorough understanding of TCP, UDP, HTTP, IP, and other network protocols
- Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action
- Advanced technical writing
- Proactive go getter attitude to solve challenging problems
- Stays up to date with current vulnerabilities and vulnerability related news
- High level IT security processes
- Extensive working experience with cloud technologies and tools such as AWS and Azure
- Think positively when faced with obstacles, build on other ideas, think logically and intuitively
- Ability to use manual tools to re-create and evaluate vulnerabilities
|
Required Knowledge and Skills:
- Advanced knowledge of the OSI model and security that is associated with each layer
- Experience in information security domain (vulnerability management and technical security standards compliance monitoring programs)
- Strong working knowledge of Linux/Unix and Windows operating systems
- Expert experience with vulnerability assessment solutions
- Strong technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
- Thorough understanding of TCP, UDP, HTTP, IP, and other network protocols
- Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action
- Advanced technical writing
- Proactive go getter attitude to solve challenging problems
- Stays up to date with current vulnerabilities and vulnerability related news
- High level IT security processes
- Extensive working experience with cloud technologies and tools such as AWS and Azure
- Think positively when faced with obstacles, build on other ideas, think logically and intuitively
- Ability to use manual tools to re-create and evaluate vulnerabilities
|
CBRE is an equal opportunity/affirmative action employer with a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law.
NOTE: An additional requirement for this role is the ability to comply with COVID-19 health and safety protocols, including COVID-19 vaccination proof and/or rigorous testing.
Job ID : 48603
More Information
-
Address
Dallas, TX, USA
-
Salary Offer
$100.000 ~
-
Experience Level
Senior
-
Total Years Experience
5-10