Cybersecurity Vulnerability Management Consultant

CyberOne is hiring! We hire smart, talented and high-performing professionals to push our organization forward and provide superior service to our customers. We each take accountability for our work, strive to make each other better, and genuinely love what we do. If you value learning new things, being innovative, and working in a supportive, collaborative environment, CyberOne may be the place for you.

If you are ready to raise the bar for your career and be part of our exciting journey, we would like to hear from you!

The Vulnerability Management Consultant is responsible for taking a lead role in tracking multiple organization’s security improvements and helping these organizations apply increasingly stringent security standards. This person will be responsible for implementation and operating Vulnerability Management tools and processes to help identify and communicate risks and status of systems and applications across organizations.  This role requires deep expertise in security standards, threat and vulnerability management, exploitation techniques, and secure development standards. It involves detecting vulnerabilities, assessing their impact on the organization, and communicating risks to stakeholders. This position also manages coordinated disclosure processes, collaborating with external researchers to responsibly report and resolve vulnerabilities.  

• Perform in-depth analysis of vulnerabilities by correlating data from various sources.
• Proactively research and monitor security-related information sources for vulnerability discovery.
• Assess the impact of vulnerabilities on critical systems or data and advise on remediation.
• Maintain patch and vulnerability management practices to protect against exploitation.
• Manage tracking and remediation of vulnerabilities, obtaining action plans from stakeholders and using ticketing systems.
• Research current vulnerabilities and exploits using trusted resources.
• Document remediation tasks for application and system owners.
• Report findings and remediation recommendations to stakeholders (e.g., executive reports, trends reports).
• Assist system engineering team in configuring and deploying vulnerability scanning and network assessment tools.
• Support Incident Detection and Response team in daily operations.
• Conduct scans to identify vulnerabilities and ensure security standards compliance.
• Coordinate with teams to perform regular patching and scanning.    
• Coordinate with external researchers and organizations during the disclosure process for responsible reporting and resolution.
• Previous functional experience in the areas of cybersecurity, data protection, and GRC management.
• Develop reporting metrics, dashboard, and evidence artifacts to address VM program requirements.
• Experience with communication of Cybersecurity topics (including risk) to management and business stakeholders.
• Knowledge of information system architecture and security controls (i.e., Cloud, firewall, operating systems, wireless architectures, databases, 3rd party risk, information security policies and procedures). 
• Experience with one or more of the following information security frameworks (PCI, CMMC, ISO, NIST, etc.).
• Demonstrate in-depth technical capabilities and professional knowledge and demonstrate the ability to assimilate new knowledge proactively.
• Active participation at information security conferences.

• 5+ years of relevant consulting or industry experience, preferably in a professional services environment (Big 4 is a plus).
• Extensive experience in vulnerability management, patch management, and configuration management best practices.
• Knowledge of researching vulnerabilities, exploitation techniques, and industry trends/threats.
• Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).
• Experience with vulnerability and compliance scanning tools such as Qualys, Rapid7, or Tenable Nessus.
• Ability to interpret security advisories and understand vulnerability exploitation and impact.
• Detailed knowledge of all aspects of Vulnerability Management processes, tools, metrics, and reporting.
• Experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response.
• Comprehensive experience with all aspects of ERP Vulnerability Management and security and associated tools and processes.
• Understanding of the MITRE ATT&CK Framework, stages of an attack and sub-techniques. Ability to identify tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
• Experience in Attack Surface Management (ASM) tools and implementation.
• Ability to understand and articulate complex vulnerability information to both technical and non-technical audience.
• Ability to self-direct project outcomes and achieve program goals with minimal supervision.
• Problem-solving and troubleshooting skills for resolving communication and system issues.
• Experience implementing scanning architectures.
• Familiarity with data analysis and visualization technologies.    
• Experience managing and tracking vulnerability cases.

• Experience performing basic scripting tasks using only what is found in the environment, such as BASH, PowerShell, Python, Perl, or other native scripting languages.
• Bachelor's degree in relevant discipline (e.g. MIS, CIS) preferred.

• Two or more professional certifications such as CISSP, CISA, CRISC, CGEIT, GRCP, CCISO or other relevant certifications.

• Prior project management and supervisory skills ideal.
• Demonstrated understanding of the importance of business ethics.
• Sound job administration skills.
• Above average written communication skills including documentation of findings and recommendations.
• Strong analytical skills.
• Ability to handle highly confidential information in a strictly professional manner.
• Ability to maintain professional demeanor in times of high stress.
• Excellent customer service skills to foster relationships and interact with local and remote clients in a persuasive and confident manner.
• Above average organizational and time management skills.
• Effective communication skills (verbal and written) including interaction with Sr. leadership, peers and team members.
• Multi-Tasking and Time Management Skills; can adapt to a changing, fast-paced environment.
• This role routinely uses standard office equipment such as laptop computers and smartphones

• Work is performed indoors in a climate-controlled environment.
• Travel may be required up to 30%.
• May be required to work evenings, weekends to meet company and customer needs.
• Must be able to remain in a stationary position 50% of the time.
• Must be able to move about inside a professional office environment.
• An environment that empowers employees to contribute to an organization that embraces a fail-fast mentality. 
• An open, supportive, fast paced, and collaborative work environment.

If you are passionate, driven and ready to take your career to the next level, we invite you to apply today! 

CyberOne is a proud Equal Opportunity and Affirmative Action Employer. All qualified applicants, regardless of race, color, genetic information, national origin, religion or belief, sex, affectional or sexual orientation, gender identity or expression, immigration status, ancestry, age, marital status, disability, or protected veteran status, are encouraged to apply and will receive equal consideration based on merit, qualifications, and business need.

Recruitment Agencies Please Note:

"In accordance with our recruitment policy, CyberOne strictly prohibits any form of solicitation of our employees by external agencies or third parties. Any candidate information that may be received from such agencies or third parties shall be deemed as a voluntary gift and shall become the exclusive property of CyberOne. Exceptions to this policy apply only when an Agency/Third Party is an Authorized Vendor of CyberOne, holding a valid and current contract that has been duly signed by our People Services Manager or CFO of CyberOne. Under no circumstances will any payment be made to any Agency/Third Party unless they are an Authorized Vendor or possess written approval from the CyberOne People Services Manager or CFO, granting them explicit permission to engage in recruitment efforts on behalf of CyberOne."