Vulnerability Management Service Automation and Integration Architect/Engineering Manager
Deloitte Technology Cyber Risk Posted: 20-Aug-2024
Arlington, Virginia, United States
Mclean, Virginia, United States
Rosslyn, Virginia, United States
Work you'll do
- Manage global vulnerability management (VM) integration and regional VM solution analysis, implementation and orchestration.
- Design, develop, and implement automation scripts and workflows to deploy and manage vulnerability management infrastructure and applications
- Provide strategic advice, technical guidance and expertise to program and project staff.
- Participate in the design, lifecycle management, and total cost of ownership of the vulnerability management platform, applications, and infrastructure services
- Collaborate with cross-functional teams to understand and translate system requirements into efficient and scalable automation solutions
- Assist with problem escalation as needed
- Document architecture designs, configurations, and best practices for CI/CD pipelines, DevSecOps practices, and SDLC tooling.
- Provide training and knowledge transfer sessions to Development, DevOps teams and other stakeholders on the use and maintenance of CI/CD pipelines and related tools.
- Influence standards and platforms for future application development
- Mentor team members in the understanding and deployment of vulnerability management and security solutions
- Stay current with new and evolving technologies via formal training and self-directed education
The team
Qualifications
- Good understanding of cloud architectures (Azure, AWS, GCP) and the security implications of cloud-based infrastructure.
- Competence in managing and optimizing vulnerability and configuration scanning tools (e.g., Qualys, Tenable, Rapid7).
- Technical Vulnerability Knowledge: In-depth knowledge of technical vulnerabilities and their impact.
- Experience automating processes and procedures
- Understand VMS program risk reduction strategy and leverage cadence calls and team bandwidth to prioritize risk reduction efforts
- Proficiency in data analysis and reporting tools (Excel, Power BI) to support vulnerability management reporting.
- Hands-on experience with vulnerability scanners (commercial and open-source solutions)
- Proven experience of working in vulnerability management in an internationally-focused industry, understanding specific challenges and strategies.
- Proficiency in programming & scripting languages such as Java, C#, Python, PowerShell, Bash and experience in using APIs of various solutions.
- Experience with DevOps practices and tools such as Azure DevOps, Git, Bamboo, Jenkins, GitHub.
- Experience working in Cybersecurity, Cyber Risk, Business Risk Management, Operational Risk
- Experience of managing small-medium technology teams
- Experience in management of vulnerability management and/or risk remediation
- Familiarity with cybersecurity vendors and services
- Exposure to common information security management frameworks, such as OWASP, ISO/IEC 27001, COBIT, CISA, SOC 2,and NIST, including 800-53 and the Cybersecurity Framework
- Bachelor’s Degree: preferably in a service management or information technology-related field
- 10 years of experience as an Applications, Solutions or Platform Architect or similar role; additional experience in cyber security, systems and applications management, including systems/application design and development preferred
- Knowledge of the Deloitte firm, member firms, and the businesses
- Professional IT or Security management certification, at least one or more of CISSP, CCSP, CRISC, CISM, GIAC, OSCP, Security+, CEH, etc.
- Experience working in a program/project delivery environment
- Executive presence, stakeholder management, and ability to influence without authority
- Strong oral and written communication skills
- Strong listening skills to understand priorities and requirements
- Strong emotional intelligence and empathy
- Relationship building skills with internal colleagues and external customers
- Strong ownership culture, positive attitude, and high tolerance for ambiguity
- Familiarity with application, server, and network security is preferred; understanding of security architectures, network security, Active Directory, least privilege, etc
- Strong leadership and mentorship skills, with the ability to work collaboratively with cross-functional teams.
- Ability to work on multiple projects, manage multiple tasks, re-prioritize workload as demands change.
- Detail oriented, with proven ability to challenge and identify opportunities within existing processes and business practices.
- Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles
- Working knowledge of – Qualys Solutions, vulnerability, and patch Management tools
- Skilled in configuring and managing Attack Surface Management tools such as CyCognito.