Vulnerability Management EngineerPrimary Location Plano, Texas Additional Locations Date posted 01/11/2019
In this role, you will use various security tooling to identify, classify and track remediation of vulnerabilities in our systems. You will interact with other teams to enable prioritization, escalation and remediation of vulnerabilities, as needed. You will use both automated scanners as manual penetration testing to assess the security posture of the environment. You will document policies, standards and processes related to Vulnerability Management, and keeps them current. You will keep track of remediation of vulnerabilities as they are handed off to the other teams.
You will keep improving existing process by automation and integration. You will thrive on working with other engineers in a dynamic and collaborative environment where meeting project goals and delivering quality is key.
With the mission of capturing the biggest market share in the area of cyber security, network security, endpoint security, threat research, malware research, cloud security, we work together for a common goal of shaping the company’s future by designing and building the best in class robust and scalable security products for consumer and enterprise customers. As industry top performers, we aim to develop optimized high-performance system software solutions with high availability and reliability.
About the role:
- Conduct vulnerability scans at the network, operating system, database, and application levels on both internal and external systems within this organizations enterprise
- Provide technical guidance to engineering teams regarding the impact of security issues
- Drive remediation by working with various teams
- Assist in generating asset inventory reports and identify discrepancies
- Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
- Automate vulnerability scans
- Develop technical and non-technical solutions to help mitigate security risks
- Support various compliance audits, including PCI, HIPAA, SOC, and ISO
- Develop integrations between various tools and our VM management system
- Improve existing security process by automation and integration
- Deliver security metrics and improvement
- Document security guidance, process and related policy
- Champion security in the engineering organization
- Bachelor’s degree in computer science or a technology related filed required
- Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
- Knowledge in Vulnerability Management and its related processes and procedures
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems
- An understanding of PCI Compliance and EU GDPR Requirements
- An understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Development experience with one of the following languages: Python, Java, Go or Ruby
- Familiarity with vulnerability management frameworks and concepts such as CVE, and CVSS
- Experience with common CI/CD and software deployment automation tools
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge
- Strong sense of ownership, urgency, and drive
- Knowledge of AWS (Amazon Web Services), GPC (Google Private Cloud), Azure, or other cloud platforms and related technologies is desired.
Our corporate culture and values are central to McAfee’s philosophy. Every day we embrace a more diverse workforce and inclusive environment. We are encouraged to bring your true selves to work. Our wide range of social communities & programs, flexible work hours and family-friendly benefits, all allow our employees to feel valued as people, while enjoying positive and challenging work. Check out more: Careers & Life at McAfee. Perks include:
- Pension / Retirement Programs
- Medical, Dental and Vision Coverage Programs
- Support for Community Involvement and Programs
Unleash your Power … Join our Talent Network: http://careers.mcafee.com/
Shift 1 (United States of America)
HQD1 - US - Plano TX
McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.