Vulnerabililty Management Consultant

Job Title:

Vulnerabililty Management Consultant

About Trellix:

Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work. Our comprehensive, GenAI-powered platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Along with an extensive partner ecosystem, we accelerate technology innovation through artificial intelligence, automation, and analytics to empower over 53,000 customers with responsibly architected security solutions.
We also recognize the importance of closing the 4-million-person cybersecurity talent gap. We aim to create a home for anyone seeking a meaningful future in cybersecurity and look for candidates across industries to join us in soulful work. More at https://www.trellix.com/.

Role Overview:

We are seeking a seasoned Vulnerability Management Consultant to lead and enhance our organization's vulnerability management program. This role involves identifying, assessing, prioritizing, and remediating security vulnerabilities across our IT infrastructure, ensuring alignment with industry best practices and compliance frameworks. The candidate should also be familiar with healthcare-specific regulations such as HIPAA, HITECH, and HITRUST.
The ideal candidate will possess a strategic mindset, technical proficiency, and the ability to collaborate across departments, while also being able to work independently to fortify our client's security posture.
This position is within the metropole of New York, with the flexibility to travel on-site as needed. Will consider remote.

Vulnerability Identification & Assessment

• Conduct regular vulnerability scans using tools such as Nessus, Qualys, or Rapid7.
• Analyze scan results to identify potential security weaknesses.
• Maintain an up-to-date inventory of assets to ensure comprehensive coverage.

Risk-Based Prioritization

• Evaluate vulnerabilities using the Common Vulnerability Scoring System (CVSS) and other risk assessment methodologies.
• Prioritize remediation efforts based on potential impact and exploitability.

Remediation & Mitigation

• Collaborate with IT and development teams to remediate identified vulnerabilities.
• Implement mitigation strategies when immediate remediation is not feasible.
• Track remediation efforts to ensure timely resolution.

Program Development & Enhancement

• Design and implement a structured vulnerability management lifecycle.
• Integrate automation and orchestration to streamline processes.

Compliance & Reporting

• Ensure practices comply with frameworks such as NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27005, and ITIL.
• Prepare detailed reports for stakeholders.

Stakeholder Collaboration

• Engage with cross-functional teams to promote security awareness.
• Provide guidance and training on vulnerability management.

QualificationsEducation & Experience

Bachelor's degree in Computer Science, Information Security, or a related field. Number of years of experience will also be considered.

Minimum of 5 years of experience in cybersecurity, with a focus on vulnerability management.

Certifications

Relevant industry standard certifications such as CISSP, CISM, or CompTIA Security+.

Technical Skills

• Experience with Nessus, Qualys, Rapid7 InsightVM, OpenVAS.
• Familiarity with Burp Suite, OWASP ZAP.
• Manual testing techniques to validate scan results.
• Expertise with CVSS, CVE analysis.
• Threat modeling to understand attack vectors.
• Understanding of NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27001/27002, ITIL.
• Familiarity with HIPAA, PCI DSS, and GDPR requirements.
• Knowledge of Windows, Linux, Unix, including system hardening.
• Understanding of TCP/IP, DNS, HTTP/S.
• Proficiency in Python, PowerShell, Bash.
• Integration of scanning tools into CI/CD pipelines.
• Experience with AWS, Azure, GCP and native security tools.
• Familiarity with Docker, Kubernetes, or related container security tools.
• Experience with Splunk, LogRhythm, QRadar.
• Ability to correlate vulnerability data with security events.

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Retirement Plans

• Medical, Dental and Vision Coverage

• Paid Time Off

• Paid Parental Leave

• Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.