Vulnerability Management Specialist

The Vulnerability Management Program Manager will design, build, operate and maintain a sustainable vulnerability management program. This program will need to assess and evaluate vulnerabilities through automated scanning and specific offensive penetration testing and red team exercises.

The Vulnerability Management Program Manager is responsible to design and manage a vulnerability management program that will ingest relevant threat intelligence, identify vulnerabilities, and communicate risk. The successful candidate is responsible to provide vulnerability tracking, risk communication, resolution guidance and escalation. This role will manage the vulnerability data repository, vulnerability scans, reporting, and vulnerability analysis and remediation recommendations. The successful candidate will collaborate with a wide range of functional groups including Compliance, Legal, Security Architecture, and Engineering teams.

This position requires deep analytical skills as well as a robust understanding of technology, tools, testing techniques and countermeasures. The successful candidate will work at a high level and should be able to mentor and advise other team members and act as a subject matter expert for all aspects of vulnerability management.

Responsibilities:

  • Own and drive the Vulnerability Management strategy for Trinity Industries, Inc.
  • Design, build, and coordinate day-to-day operations of vulnerability management program
  • Deliver actionable metrics and reporting for operations and leadership transparency
  • Develop processes and run books for vulnerability management practices
  • Serve as subject matter expert related to vulnerability management and secure configuration
  • Collaborate with other security and IT professionals to assess potential impact of vulnerabilities and recommend mitigating controls
  • Provide mentorship, coaching, performance management and support to team members with regard to vulnerability assessment
  • Apply problem solving and critical thinking to solve unique and sophisticated vulnerability management problems with a sense of urgency using a pragmatic approach
  • Design and execute simulations and security assessments beyond automated tool validation, including full exploitation to identify gaps in existing cybersecurity detection and response capabilities
  • Maintain regular communication with business and security leadership for collaboration, process optimization, tools tuning, and information sharing
  • Develop and maintain in-depth knowledge and hands-on experience with computer network security techniques and best practices
  • Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques and procedures (TTPs) from security events across a large network of security devices and end-user systems

Qualifications:

  • Bachelor’s Degree or equivalent work experience
  • 8+ experience of experience in cybersecurity (or I.T. coupled with cybersecurity) with at least 5 years’ experience in vulnerability management or related fields such as penetration testing, Security Operations Center, or threat intelligence
  • 5+ years’ experience in vulnerability management or related fields such as penetration testing, Security Operations Center, or threat intelligence
  • Expertise with enterprise vulnerability management platforms such as Qualys, Tenable, or Rapid7
  • Expert in-depth knowledge of security vulnerabilities
  • Knowledge of adversary tactics, techniques and procedures (TTPs) and MITRE ATT&CK principles
  • Experienced with one or more scripting languages (e.g., Python, PowerShell)
  • Experience working with large data sets to extract actionable information and insights
  • Proven experience with manual and automated penetration testing of hardware, software, operating systems, and cloud systems
  • Detailed understanding of Red Team concepts and adversarial tradecraft within networking, web applications, Windows, Linux, and cloud
  • Ability to plan, organize, prioritize, and work independently to meet deadlines

Preferred Qualifications:

  • GEVA, CySA+, OSCP, OSWE, PNPT or other relevant certifications
  • Demonstrated knowledge and ranking from any of the following: bug bounty programs, Hack the Box, Try Hack Me, etc.
  • Knowledge of ISO, NIST, and IT Controls
  • Experience supporting organizations in the Manufacturing Industry
  • Advanced experience with vulnerability scanning tools and other security testing tools
  • Ability to adapt to a dynamic environment

EEO Employer

Trinity provides equal employment and affirmative action opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability. View the EEO is the Law poster here and its supplement here. The pay transparency policy is available here. Trinity participates in E-Verify, details here.

Trinity is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to trinityrecruiting@trin.net. This email address should only be used for accommodations and not general inquiries or resume submittals.

Job ID : 2200700

More Information

Apply for this job

Leave your thoughts