Position Title: Senior Security Engineer – Vulnerability Mgmt & Threat Intelligence
Location: Remote (Work@Home)
Schedule: 8 hrs a day Core working hours are 9am – 4pm CST. Can start earlier or end later.
Duration: Full-Time
Company Background:
Our client is a global leader providing online education, assessment, remediation, certification, and e-learning solutions for the post-secondary academic market specifically serving the nursing, allied health, sports medicine, public safety, and the financial services industries. Our client employs more than 900 employees in 35 states. The company portfolio companies consist of Jones and Bartlett Learning, ATI Nursing Education, the National Healthcare Association, ExamFX, the National Academy of Sports Medicine, Boston Reed, Advanced Informatics, and ClickSafety.
The Senior Security Engineer – Vulnerability Mgmt & Threat Intelligence will contribute to the achievement of P&L objectives for the business by providing a single point of accountability for Technology & Operations deliverables.
Core Responsibilities
- Is responsible for the collection, analysis, and dissemination of cyber threat intelligence. These capabilities will include timely collection of vulnerabilities or threats, analysis, prioritization and storage of threat intelligence information, and operational support of the incident response process.
- Author threat intelligence reports, driven by our security operations teams’ own incidents, analysis or third-party intelligence.
- Provide support for the automation of threat intelligence ingestion and analysis across internal sources and external sources.
- Research and analyze known hacker methodologies, system exploits, and vulnerabilities to support methodology development and execution
- Drive cross-team efforts to address systemic risks across the business
- Ability to conduct vulnerability assessments on a wide variety of technologies and implementations utilizing both automated tools and manual techniques.
- Assist with vulnerability scanning tools and processes as requested.
Education and Experience
- Applicants should possess 8+ years of professional, industry experience in job description relevant security domains and functions. Examples include – Vulnerability Management, Application Pen Testing, Red Teaming, Security Incident Response, Threat Hunting or Threat Management/Intelligence.
- 3 years’ experience with threat intelligence analysis tools, methods, and the intelligence lifecycle.
- Deep understanding of malware, ransomware, phishing, and how technical vulnerabilities are exploited.
- Recent familiarity with emerging cyber threats, modern defenses, and the MITRE ATT&CK framework.
- Network routing/switching experience, primarily LAN is required.
- Three or more years of experience in working with penetration testing or ethical hacking is desired.
- Preferred Certifications: Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT).
- Experience with Rapid7 InsightVM or other vulnerability scanner is a plus.
Skills and Abilities
- Strong understanding of threat analysis and enterprise level mitigation strategies
- Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
- Self-starter and ability to work effectively in a fast-paced and dynamic environment.
- Proactive attitude towards anticipating problems, implementing solutions, and accomplishing goals.
- Highly detail oriented, process minded and driven by continuous improvement attitude.
- Ability to work under pressure to meet project deadlines or operational SLAs.
- Outstanding verbal and written communication.