This job posting has been archived and is no longer available.

Technical Vulnerability Subject Matter Expert and Vulnerability Progra

Posted by Synectics

Skills sought: Net, Java

Project description

Seeking a Technical Vulnerability Subject Matter Expert and a Vulnerability Program Manager.

JOB DESCRIPTION:

VULNERABILITY PROGRAM MANAGER:

This role is a key position for managing the remediation of potential vulnerabilities, designed to off-load day-to-day project delivery oversight responsibilities from Senior Managers and Directors. This position works closely with Infrastructure, Development and Information Security Teams to lead, develop, and implement formal remediation project plans for the reduction of information security risk in the enterprise environment. This role is accountable for stewardship of large, cross-functional development and systems integration projects. The Program Manager owns solution delivery and is ultimately responsible for development project leadership, management, quality, and timely delivery. The Program Manager has to work effectively with Leadership and multiple stakeholders to apply customer relationship management practices, including the identification of appropriate, mutually agreed objectives. The Program Manager must also be able to work effectively with and lead technical personnel (Development Team Managers, Systems Analysts, Developers, Testers), and clearly translate business priorities and objectives into technical solutions. The Program Manager will manage vulnerability remediation aspects of the team. Need someone who understands the processes and concepts, but this is more of a hands-off management role. PCI industry experience is highly preferred.

TECHNICAL VULNERABILITY SUBJECT MATTER EXPERT:

This role is a key position for the identification, assessment, and remediation of potential vulnerabilities. This position works closely with Infrastructure, Development, and Information Security Teams to test application and infrastructure security control effectiveness and provide guidance for control improvements for the protection of classified data. Need someone who knows how to operate vulnerability and app scanning tools and who has penetration testing skills. PCI industry experience is highly preferred.

PRIMARY DUTIES AND RESPONSIBILITIES:

VULNERABILITY PROGRAM MANAGER:

- Ensures coordination of delivery teams within various domains.
- Works with development leads to define code drops and coordinates the alignment of code drop dependencies.
- Provide overall development project leadership, and direct project teams in the delivery of high-quality products within committed time frames.
- Coordinates through the development managers all delivery activities and acts as the escalation point for all development and build issues specific to projects.
- Coordinate with the development teams to ensure the right teams are working on the right build components at the right time, with clear expectations of milestones and goals.
- Coordinates and communicates night-of-deployment status and issues to leadership on planned deployment activity dates.

TECHNICAL VULNERABILITY SUBJECT MATTER EXPERT:

- Work with stakeholders, supply chain and legal to initiate projects.
- Manage RFP processes for selection and implementation of remediation processes, tools and procedures.
- Manage the remediation project budget.
- Manage complex information security vulnerability remediation projects.
- Create project plans, identify and assign resources, establish timelines and track and monitor progress.
- Work through competing priorities, resolve resource conflicts and communicate project risk.
- Drive and track options, decisions and offer guidance for project completion.
- Develop and report metrics to track and measure project success, trends and remediation timelines.
- Perform infrastructure and application security penetration testing using automated tools and manual methodologies (e.g., Metasploit, IBM AppScan, OWASP).
- Develop and present executive and technical test reports that include findings and remediation recommendations.
- Manage resources, budgets, schedules, and deliverables for all penetration testing activities, both internal and external.
- Manage strategic partnerships, contracts, and statements of work for 3rd party vulnerability assessments.
- Manage externally reported security research bug bounty program.
- Develop effective internal partnerships with Infrastructure, Development and QA Teams.
- Develop and report metrics to track and measure findings, trends and remediation timelines.

SKILLS:

SKILLS/QUALIFICATIONS:

- Bachelor's Degree.
- PMP Certification desirable.
- Demonstrable knowledge of project management using industry standard tools and methodologies.
- 5+ years' experience as a Project Manager working with compliance, risk management or information security managing large complex projects.
- Experience working with large, geographically distributed IT Organizations.
- Working knowledge of Payment Card Industry (PCI) requirements or other compliance requirements (e.g., SOX) in a highly regulated environment.
- Working knowledge of industry standards and control frameworks such as NIST and ISO 27001.
- Have excellent oral and written communication skills, including ability to verbally collaborate on tasks and schedules with Management and Technical Teams.
- Ability to communicate with all levels of management to explain project risks, resource requirements and project timelines.
- Ability to communicate and work effectively with clients.
- Demonstrable knowledge of penetration testing using industry standard tools and methodologies.
- Have a development background with one or more languages (e.g., C#, .NET, Java).
- Working knowledge of Payment Card Industry (PCI) requirements for vulnerability testing and remediation.
- Working knowledge of OWASP controls for application security.
- Working knowledge of industry standards and control frameworks such as NIST and ISO 27001.
- Have a strong willingness to learn new tools and testing methodologies.
- Have excellent oral and written communication skills, including ability to verbally present reports to Management and Technical Teams.

Project details

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

  • Category:

    IT development

  • Skills:

    net, java

Synectics