Vulnerability Management Consultant

5 Years +

Job Summary

Job Description

This role is for a seasoned Vulnerability Management Consultant at Trellix, responsible for leading and enhancing the organization's vulnerability management program. Key responsibilities include identifying, assessing, prioritizing, and remediating security vulnerabilities across IT infrastructure, ensuring compliance with industry best practices and frameworks like HIPAA, HITECH, and HITRUST. The consultant will conduct scans, analyze results, prioritize risks, collaborate on remediation, and develop program enhancements, while also ensuring compliance and reporting to stakeholders.
Must have:
  • Lead and enhance vulnerability management program.
  • Identify, assess, prioritize, and remediate security vulnerabilities.
  • Ensure compliance with industry best practices and frameworks.
  • Familiarity with healthcare regulations (HIPAA, HITECH, HITRUST).
  • Conduct regular vulnerability scans using tools like Nessus, Qualys.
  • Analyze scan results and maintain asset inventory.
  • Evaluate vulnerabilities using CVSS and risk assessment.
  • Prioritize remediation based on impact and exploitability.
  • Collaborate with teams for remediation and implement mitigation.
  • Track remediation efforts for timely resolution.
  • Design and implement structured vulnerability management lifecycle.
  • Integrate automation and orchestration for processes.
  • Ensure compliance with NIST RMF, ISO/IEC 27005, ITIL.
  • Prepare detailed reports for stakeholders.
  • Engage cross-functional teams to promote security awareness.
  • Provide guidance and training on vulnerability management.
Perks:
  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

Job Details

Role Overview:

We are seeking a seasoned Vulnerability Management Consultant to lead and enhance our organization's vulnerability management program. This role involves identifying, assessing, prioritizing, and remediating security vulnerabilities across our IT infrastructure, ensuring alignment with industry best practices and compliance frameworks. The candidate should also be familiar with healthcare-specific regulations such as HIPAA, HITECH, and HITRUST.

The ideal candidate will possess a strategic mindset, technical proficiency, and the ability to collaborate across departments, while also being able to work independently to fortify our client's security posture.

This position is within the New York metropolitan area, with the flexibility to travel on-site as needed. Remote candidates will be considered.

Vulnerability Identification & Assessment

  • Conduct regular vulnerability scans using tools such as Nessus, Qualys, or Rapid7.
  • Analyze scan results to identify potential security weaknesses.
  • Maintain an up-to-date inventory of assets to ensure comprehensive coverage.

Risk-Based Prioritization

  • Evaluate vulnerabilities using the Common Vulnerability Scoring System (CVSS) and other risk assessment methodologies.
  • Prioritize remediation efforts based on potential impact and exploitability.

Remediation & Mitigation

  • Collaborate with IT and development teams to remediate identified vulnerabilities.
  • Implement mitigation strategies when immediate remediation is not feasible.
  • Track remediation efforts to ensure timely resolution.

Program Development & Enhancement

  • Design and implement a structured vulnerability management lifecycle.
  • Integrate automation and orchestration to streamline processes.

Compliance & Reporting

  • Ensure practices comply with frameworks such as NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27005, and ITIL.
  • Prepare detailed reports for stakeholders.

Stakeholder Collaboration

  • Engage with cross-functional teams to promote security awareness.
  • Provide guidance and training on vulnerability management.

Qualifications

Education & Experience

Bachelor's degree in Computer Science, Information Security, or a related field. Number of years of experience will also be considered.

Minimum of 5 years of experience in cybersecurity, with a focus on vulnerability management.

Certifications

Relevant industry standard certifications such as CISSP, CISM, or CompTIA Security+.

Technical Skills

  • Experience with Nessus, Qualys, Rapid7 InsightVM, OpenVAS.
  • Familiarity with Burp Suite, OWASP ZAP.
  • Manual testing techniques to validate scan results.
  • Expertise with CVSS, CVE analysis.
  • Threat modeling to understand attack vectors.
  • Understanding of NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27001/27002, ITIL.
  • Familiarity with HIPAA, PCI DSS, and GDPR requirements.
  • Knowledge of Windows, Linux, Unix, including system hardening.
  • Understanding of TCP/IP, DNS, HTTP/S.
  • Proficiency in Python, PowerShell, Bash.
  • Integration of scanning tools into CI/CD pipelines.
  • Experience with AWS, Azure, GCP and native security tools.
  • Familiarity with Docker, Kubernetes, or related container security tools.
  • Experience with Splunk, LogRhythm, QRadar.
  • Ability to correlate vulnerability data with security events.

About The Company

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 53,000 business and government customers. More at https://trellix.com.
