Security Engineer - Vulnerability Management

September 16

Apply Now

Receive Emails with Similar Jobs

RingCentral

WebsiteLinkedInAll Job Openings

Cloud-based business phone systems • virtual PBX • unified communication • smartphone apps • Internet fax

5001 - 10000

Description

• Maintain Vulnerability Management process • Perform vulnerability scans using different tools/methods • Prioritize findings and assign them to system/service owners • Monitor for, triage and track remediation of vulnerabilities in our systems and networks • Conduct risk-based evaluation of policy exception requests • Develop automatization for all steps above • Develop visualization of current VM state • Participate in and assist with audits of information security program (FedRAMP, SOX, GDPR, SOC2, HITRUST) • Act as a member of the information security policy review committee • Conduct routine log review of information security events, investigating and responding as necessary • Maintain and enhance monitoring capabilities to ensure the integrity of our systems and networks • Act as a member of the Incident Response Team, triaging, responding to and reporting incidents and associated metrics • Administer and maintain security products (phishing training, vulnerability management, web application firewall, SIEM, IDS, (h)IPS, EDR, etc) • Participate in on-call rotation • Maintain a comprehensive understanding of our information systems • Work closely with the multiple operation teams to implement and enforce our policy • Coordinate and participate in external assessments of our information security (risk assessment, penetration test, incident response tabletop)

Requirements

• Experience operating vulnerability scanning tools (Qualys, Nessus, etc) • Familiarity with vulnerability management concepts, such as CVE and CVSS • Familiarity with hardening standards and benchmarks (CIS, STIG, etc) • Strong knowledge of endpoint and server operating systems (e.g. Windows, macOS, Linux) and relevant security risks, controls, and vulnerabilities • Strong knowledge of network and network security fundamentals • Familiarity with enterprise security tools (antivirus, firewalls, email monitoring, two-factor authentication, SIEM, IDS/IPS, etc.) • Familiarity with AWS environments and AWS security tools • Knowledge of and experience with compliance/remediation efforts of relevant domestic and international security standards and best practices such as FedRAMP, SOX, SOC2, NIST, GDPR and HIPAA • Familiarity with cloud computing environments and applications in a security context strongly preferred • Ability to quickly change priorities and handle simultaneous tasks • Excellent oral and written communications

Benefits

• Comprehensive medical, dental, vision, disability, life insurance • Health Savings Account (HSA), Flexible Spending Account (FSAs) and Commuter Benefits • 401K match and ESPP • Flexible PTO • Wellness programs including1:1 wellness coaching through TaskHuman and meditation guidance through Headspace • Paid parental leave and new parent gift boxes • Pet insurance • Employee Assistance Program (EAP) with counseling sessions available 24/7 • Rocket Lawyer services that provide legal advice, document creation and estate planning • Employee bonus referral program