Vulnerability Management Lead

"I can succeed as a Vulnerability Management Specialist at Capital Group."

As a Vulnerability Management Specialist within the Security Operations Vulnerability Management team, you will lead the execution of the team's mission to identify, analyze, assign, prioritize, report and drive remediation of vulnerability risk within CG's technology systems.

Responsibilities:

• You will design, implement, and execute rigorous operational processes that maintain KPI and KRIs within acceptable levels

• You will implement and maintain systems and processes that manage vulnerability detection and asset data, perform analysis and produce actionable visualizations

• You will monitor vulnerability scanner scope and coverage to ensure accurate and complete vulnerability risk identification and work with operational partners to implement needed enhancements

• You will ensure the consistent assessment of vulnerability risk through application of threat intelligence and asset context

• You will regularly report and drive improvement in KRIs through proactive communication with remediation partners and their leadership teams

• You will design, implement, enhance and run operational processes that identify actionable insights from vulnerability data and trends

• You will mature team processes, tooling and relevant documentation in support of continuous improvement measured through OKRs

• You will ensure past due vulnerabilities are escalated to leadership and exception processes are executed in alignment with risk acceptance frameworks and policies

• You will provide vulnerability and/or misconfiguration remediation guidance, risk-awareness, and education to engineering and development teams

• You will manage compliance to Information Security standards and proactively identify needed process changes

• You have 5+ years of experience in managing security risk and driving mitigation activities

• You have 3+ years of experience in engineering and visualizing complex data sets that produce actionable insights (experience with tools such as Power BI, Tableau, etc.)

• You have experience designing and implementing operational processes to ensure delivery and improvement of target vulnerability KPIs and KRIs

• You are comfortable articulating vulnerability risk and influencing change with a wide variety of audiences

• You have a strong understanding of application and infrastructure vulnerabilities, how they are exploited and mitigated

• You have a broad understanding of legacy and modern IT infrastructure and application stacks, including containers and application dependencies

• You have experience with public cloud infrastructure, common misconfigurations, and recommended architectures (AWS, Azure, GCP)

• You hold public cloud provider certifications (AWS, Azure, GCP)

• You hold security related certifications (CISSP, GIAC, CISA, CISM)

• You have a bachelor's degree in computer science, information security or related field (or equivalent work experience)