Perform scheduled security vulnerability assessments across global applications and infrastructure.
Manage, coordinate, and track vulnerabilities from discovery, triage, remediation, and validation.
Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
Coordinate, schedule, and manage the engagement process (with internal stakeholders and third-party vendors) for vulnerability remediation activities.
Formally document and establish well-defined processes, procedures, remediation and mitigation strategies, and lessons learned.
Manage vulnerability related tickets to ensure issues are remediated within designated timelines.
Provide vulnerability mitigation strategies and meaningful vulnerability metrics.
Support the maintenance and operations of vulnerability assessment infrastructure through refresh initiatives and annual planning.
Report on findings and respond to requests and known vulnerabilities as well as delivering ad-hoc vulnerability scans on request.
Coordinate emergency vulnerability patching, including remediation efforts.
Conduct research and provide feedback to leadership and Cybersecurity team members of the recommended actions for vulnerability scan findings.
Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
Provide support of maintenance and operations to the vulnerability assessment toolsets.
Provide support to internal processes to ensure compliance with the Payment Card Industry (PCI) standard.
Support internal and external auditors in their duties that focus on compliance and risk reduction.
Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.