Security Vulnerability Engineer
Company: Omni Inclusive
Location: Bellevue, WA 98006
Description:
Primary Tasks and Responsibilities:
Assist in defining, driving, and delivering key elements of Truveta's vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company
Establish regular and actionable vulnerability reports for review by Leadership and Engineers
Collaborate and build relationships across Engineering teams, driving cross-functional alignment to drive clarity relative to vulnerability remediation requirements
Establish vulnerability review processes, maintaining professional skepticism when reviewing for false positives and exception requests from Engineering teams
Proactively engage Engineering teams to ensure timely remediation of vulnerabilities identified during application security assessments, cloud infrastructure vulnerability scans, and manual application security tests
Ability to use automation tools to write orchestration playbooks to remediate configuration issues/apply patches, etc.
Manage day-to-day operations of vulnerability identification and remediation at Truveta
Be curious about Truveta's products and services and how cyber risks and vulnerabilities could impact operations
Use prior experience to lead, mentor, and coach peers in effectively managing vulnerabilities
Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services
Continuously review security and privacy practices
Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused into all Truveta services
Upkeep of vulnerability management security tooling
Key Qualifications:
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems
5+ years of experience in managing vulnerabilities at a fast-paced cloud hosted environment
Must have prior development experience with Python, .NET, and Java code languages
Experience designing and managing a world-class vulnerability management program
Excellent written and verbal skills
Ability to be a self-starter and motivated to help Engineering teams understand cyber security best practices
Advanced knowledge of SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools
Experience creating and implementing strategies for complex systems
Knowledge and experience with information security controls, infrastructure, and implementation techniques
Preferred Qualifications
Experience in improving vulnerability remediation requirements
Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations
Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH
Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)
Experience in securely operating highly distributed systems with published SLAs
Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2