Vulnerability Management Lead

at  Apriori

JOB SUMMARY:

aPriori is looking for a Vulnerability/Threat Management Lead who will be responsible for our vulnerability and threat management processes and solutions. This role will report to the Information Security Manager and will play a crucial role in identifying and mitigating potential vulnerabilities within our systems to ensure the security and resiliency of our assets. The primary responsibility will be to ensure all assets undergo regular vulnerability scans and relay any findings to the attention of the business while working within the security team to prioritize and remediate threats. The ideal candidate should have knowledge of regulatory requirements, risk management frameworks, and information security concepts and have familiarity with the ISO 27001 and SOC2 audit process.

EDUCATION AND EXPERIENCE:

• 3-5 years’ experience in a similar role, with a strong background in IT security, risk assessment, threat management or similar role.
• In-depth knowledge of security frameworks, standards, and regulations (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA).
• Experience with security tools and technologies, such as SIEM, DLP, endpoint protection, identity and access management (IAM), etc.
• Experience with tools such as Rapid7, Crowdstrike, Wiz/Lacework, Snyk/SonarQube/BlackDuck
• Experience with external reputation tools such as BlackKite, BitSight, etc.
• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to effectively communicate security-related concepts to technical and non-technical audiences.
• Desire to develop leadership and project management skills, with experience leading cross-functional security initiatives.
• Ability to work independently with minimal supervision.
• Ability to prioritize tasks and projects to meet deadlines.
• Professional certifications are a plus.

PHYSICAL REQUIREMENTS:

• Prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times
• Propensity for finding and posting appropriate memes within Teams conversations

• Conduct regular vulnerability assessments and scans on networks, systems, and applications to identify potential security risks.
• Analyze and prioritize identified vulnerabilities based on severity, potential impact, and likelihood of exploitation.
• Collaborate with cross-functional teams to develop and implement effective remediation plans for identified vulnerabilities.
• Monitor and track the progress of vulnerability remediation efforts to ensure timely and thorough resolution.
• Take on the role of application owner for vulnerability tools, including Crowdstrike, Snyk, BlackKite, etc.
• Coordinate third party penetration testing for required applications and network.
• Provide regular reports and updates on the status of vulnerabilities and remediation efforts to relevant stakeholders, including customers.
• Conduct root cause analysis and recommend process improvements to prevent future vulnerabilities.
• Work with third-party vendors and security researchers to stay informed of new vulnerabilities and potential risks.
• Participate in incident response activities, including investigations related to potential vulnerabilities.
• Assist with the development of vulnerability management policies and procedures.
• Train, educate, and collaborate with cross-functional teams on vulnerability management best practices to promote a culture of security awareness.
• Stay compliant with relevant regulations and standards related to vulnerability management.
• Act as a subject matter expert and provide guidance and support to other team members as needed.
• Continuously evaluate and improve the vulnerability management program to enhance its effectiveness and efficiency.
• Stay current with industry trends, emerging threats, and best practices in information security to ensure the organization remains proactive and well-prepared against potential threats.
• Foster a culture of security awareness and accountability throughout the organization.