Vulnerability Management and Configuration Assurance Engineer
Company: MassMutual
Location: Boston
Posted on: November 12, 2024
Job Description:
The TeamThe Vulnerability Management and Configuration Assurance
(VMCA) team is responsible for identifying, assessing,
prioritizing, reporting, and continuous monitoring of
vulnerabilities and configuration baseline deficiencies within our
organization's infrastructure, applications, and systems. Our team
plays a critical role in maintaining the security posture of the
company by proactively managing vulnerabilities that could be
exploited by attackers.The ImpactVMCA is motivated by a shared
sense of responsibility to protect the organization's assets and
reputation by knowing our work directly mitigates security threats
and prevents potential breaches, strong collaboration with other
security and IT teams, continuous learning, innovation, and
problem-solving. The culture of VMCA consists of proactive and
preventative mindsets, collaboration, cross-disciplinary
communication, accountability, ownership, agility, adaptability,
inclusivity, knowledge sharing, and transparency.Roles &
Responsibilities:Key responsibilities will consist of the following
to ensure digital assets are resilient against emerging threats,
reducing potential financial and reputation damage from security
incidents:
- Collaborate with internal architecture teams to continuously
improve the vulnerability management tool(s) architecture and
strategies tailored to enterprise needs.
- Collaborate with internal solution architects to design
scalable, efficient solutions that integrate with existing IT and
security infrastructures.
- Oversee the vulnerability management tool(s) and its
integrations ensuring minimal impact to end-users, data accuracy
and completeness, and visibility.
- Design, implement, and optimize the enterprise vulnerability
management tool.
- Continuously evaluate current and potential toolset, ensuring
we are meeting requirements, identifying gaps, and planning for
resolutions.
- Develop and maintain security metrics and reporting dashboards
to track tool effectiveness.
- Provide expert guidance and mentorship to junior members of the
team.
- Ensure compliance with relevant regulations and security
frameworks (e.g., NIST, ISO 27001, NY DFS, etc.)
- Identify issues and/or defects with tools, perform
troubleshooting, and engage with vendors as needed for
resolution.
- Focus on continuous process improvement and identify
opportunities for automation.
- Develop and manage standard operating procedures for
maintaining the operation of the vulnerability management tool(s)
and integrations.
- Work in a dynamic cross-function environment, partnering with
technology and security teams to align practices and tools.The
Minimum Qualifications
- Bachelor's degree
- Minimum of 5+ years of expertise in cybersecurity with a focus
on vulnerability and configuration management tools or similar
disciplines.The Ideal Qualifications
- Advanced degree in engineering, computer science, information
security, or a related field.
- Relevant security certifications such as CISSP, CEH, CVA,
Security+, OSCP, etc., from an industry recognized certifier (e.g.,
SANS/GIAC, CompTIA, ISACA, ISC2, etc.)Strong knowledge of
vulnerability scanning tools (Qualys, Nessus, Rapid7, etc.).
- Experience with using vulnerability remediation workflow
automation tools (e.g., ServiceNow CMDB and SecOps module).
- Knowledge of cybersecurity concepts and methods including, but
not limited to secure configuration management, data protection,
security monitoring, incident response, patch management,
governance, enterprise security strategies and architecture.
- Deep understanding of security vulnerabilities, exploits, and
mitigation techniques.
- Strong understanding of risk analysis, vulnerability assessment
methodologies, and securing baselines.
- Clear understanding of various operating systems (Windows,
Unix, etc.,), secure configuration and build images.
- Experience with cloud platforms (AWS, Azure, GCP) and security
frameworks specific to cloud environment.
- Familiarity with security best practices, regulatory
requirements, and industry frameworks (e.g., NIST, ISO, CIS,
etc.,).
- Experience with automation, scripting, and orchestration
(Python, PowerShell, etc.)
- Strong knowledge of networking protocols, firewalls, VPNs, and
security measures.
- Strong analytical, problem-solving, communication, and
technical writing skills.
- Experience working with in large, complex environments.
- Ability to manage multiple projects and tasks effectively, with
a proactive and detail-oriented approach.
- Able to translate complex technical issues into simple, easy to
understand concepts.What to Expect as Part of MassMutual and the
Team
- Regular meetings with the Vulnerability Management and
Configuration Assurance team.
- Focused one-on-one meetings with your manager.
- Access to mentorship opportunities.
- Networking opportunities including access to Asian,
Hispanic/Latinx, African American, women, LGBTQIA+, veteran and
disability-focused Business Resource Groups.
- Access to learning content on Degreed and other informational
platforms.
- Your ethics and integrity will be valued by a company with a
strong and stable ethical business with industry leading pay and
benefits.#LI-SC1MassMutual is an Equal Employment Opportunity
employer Minority/Female/Sexual Orientation/Gender
Identity/Individual with Disability/Protected Veteran. We welcome
all persons to apply. Note: Veterans are welcome to apply,
regardless of their discharge status.
If you need an accommodation to complete the application process,
please contact us and share the specifics of the assistance you
need.
Keywords: MassMutual, Portland , Vulnerability Management and Configuration Assurance Engineer, Executive , Boston, Maine
Didn't find what you're looking for? Search again!
Loading more jobs...