Description

This hybrid position is responsible for all tasks related to vulnerability management in a complex environment that demands one to stay current with emerging technologies and vulnerabilities. Attributes we will look for in our candidates include excellent technical and analytical skills, communication and flexibility, innovative thinking and problem solving.
In addition, this position is responsible for analyzing security vulnerabilities and determining if there is an attack surface and impact. The ideal candidate understands the full cycle of a software vulnerability, from exploitation to mitigation.

Responsibilities:
• Drive vulnerability management tasks inside the company, including processing reports, tracking items and their remediation, analyzing trends and reporting
• Maintain a working knowledge of current and emerging AppSec threats, such as how they work, remediation and exploitability factors
• Map vulnerability assessment results to asset inventory
• Recalculate severity for risks that decrease due to exploitability limitations and threats, prioritizing vulnerabilities based on residual risks
• Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable
• Creation of vulnerability metrics and remediation-related dashboards and reports
• Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration
• Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities
• Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis)
• Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs
• Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies
• Execute responsibilities with an understanding of the Global Security vision, strategic objectives, and priorities

#LI-Hybrid

Qualifications

• Solid understanding of the OWASP Top 10 and emerging attack vectors
• Previous experience with vulnerability management lifecycle.
• Experience with application vulnerabilities scanning tools (SAST, SCA) such as Checkmarx, Blackduck, Fortify or others.
• Experience in driving discussion and consensus involving cross functional teams (including remote and offshore) over security recommendations and planned actions.
• Excellent written and verbal communication skills.
• Has good organizational and interpersonal skills and broad experience in interacting successfully with both technical and non-technical people.
• Demonstrated ability to work well independently with little input, and as a part of a team.

Preferred Qualifications:
• Previous experience with systems administration and/or programming.
• Preferred certifications: OSCP, GMON, GWAPT, GXPN, GPEN, GWAPT or OSWE.
• Demonstrate knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
• Vulnerability discovery and exploit creation.
• Quantitative risk assessment experience (FAIR).
• Bachelor’s Degree in Information Systems, Computer Science or related discipline or equivalent work experience.

Company Overview

EEO Statement

Colorado, New York, Washington, and California Pay Law

The pay range for this position in Colorado, New York, Washington and California is $95,000 to $136,550, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG’s comprehensive benefits can be reviewed on our careers site at https://www.ukg.com/careers.

San Francisco Bay Area Pay Law

There is a different range applicable to specific work locations, within the San Francisco Bay area, the base pay range for this role in those locations is USD $109,250 to $157,000 per year.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.