Vulnerability Management Specialist

Toronto, Ontario

Information Technology

Contract

20/01/2023

201524

Are you a vulnerability management specialist with 7+ years of experience? 
Are you proficient in designing and implementing vulnerability management programs? 
Do you have hands-on experience with end-to-end programs? 
Do you specialize in CISSP, CISM, and CRISC?

If so, this may be the opportunity for you!

Join a top employer and advance your career. Aplin has partnered with a Toronto-based company to hire a vulnerability management specialist on a hybrid, 5-month contract basis, with at least one day a week in the office. 

The vulnerability specialist will serve as a coordination point across all technologies to coordinate vulnerability management (VM) efforts with internal customers and service providers. Vulnerability management will include guidance, coordination, processes, grouping, workflows, exception handling, VM remediation processes, tracking, and reporting. They will provide situation-based support, using information security policies and compliance standards, to ensure identified vulnerabilities are remediated and updates are installed in an appropriate and timely manner.


You will need:

  • Experience conducting and driving an end-to-end vulnerability program, including scanning, reporting, remediation, and governance processes.
  • Reporting: pull data and build reports for vulnerability response and configuration compliance.
  • Provide status reports to leadership related to VM metrics, key risk indicators, trending risks, and compliance.
  • Initiate automation projects to minimize manual processes in operations.
  • Ability to obtain and maintain technical team and business support; influence a collaborative effort; and reduce the attack surface.
  • Capable of scripting in Python, Bash, Perl, or PowerShell.

Education:

  • A bachelor's degree in computer science or a related discipline is preferred.

Qualifications

  • 7–10 years of experience in information security administration, vulnerability management, or security operations is required.
  • 5+ years of experience in IT systems administration, vulnerability management, and server configuration compliance
  • 5+ years of server vulnerability management and server configuration compliance: NVD, CVSS, CVE, MITRE CWE, CIS Benchmarks, Server Control Baselines, Standards, and Controls
  • Experience managing IT vulnerability management processes, remediation, and infrastructure server patching guidance.
  • Proficient with vulnerability management solutions such as Qualys, Tenable.io, Nessus, Kenna Security, ServiceNow, and open source.
  • Understanding of Windows and Unix/Linux operating systems, endpoint applications, networking protocols, and devices.
  • Experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
  • Good collaboration and communication skills to influence remediation with server owners: vulnerability risk scoring, prioritization, and remediation tracking.
  • Strong data analysis skills are needed to analyze vulnerability data and publish metrics.
  • Bachelor’s degree from an accredited college or university or equivalent professional experience
  • CISSP, CISM, CRISC Security / Risk Certifications or similar – preferred.

Nice to have:

  • Exposure to ServiceNow modules: Vulnerability Remediation (VR).
  • Understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
 

Aplin, one of Canada’s Best Managed Companies, is an employment agency that finds top talent for exceptional organizations across North America. There are no fees to apply to our jobs or engage with our recruiters to find a new career. Companies hire us to help them grow their teams. Visit our website to learn more: www.aplin.com 
